979 matches found

RedhatCVE
added 2025/02/14 12:43 p.m. · 9 views

CVE-2023-38035

A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration...

9.8 CVSS · 7.2 AI score · 0.94419 EPSS
Exploits 6 · References 4
Positive Technologies
added 2025/01/21 12:00 a.m. · 19 views

PT-2025-3986 · Apache · Apache Httpd

Name of the Vulnerable Software and Affected Versions: Apache HTTPD (affected versions not specified). Description: The issue concerns a rejected reason related to the Apache HTTPD DNS. No further details are provided about the nature of the issue or its potential impact. There is no information...

7 AI score
Exploits 0 · References 2
Positive Technologies
added 2025/01/08 12:00 a.m. · 1 view

PT-2025-2695 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTPd (affected versions not specified). Description: The issue is related to a denial of service. No further details are provided about the nature of the issue, affected devices, or real-world incidents. Recommendations: At the moment,...

7 AI score
Exploits 0 · References 2
OSV
added 2024/11/08 3:57 p.m. · 16 views

RLSA-2024:8680 Low: mod_http2 security update

The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. Security Fixes: mod_http2: DoS by null pointer in websocket over HTTP/2 (CVE-2024-36387). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

5.4 CVSS · 7.1 AI score · 0.00187 EPSS
Exploits 0 · References 2
Rockylinux
added 2024/11/08 3:57 p.m. · 22 views

mod_http2 security update

An update is available for mod_http2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of...

5.4 CVSS · 6.8 AI score · 0.00187 EPSS
Exploits 0
RedHat Linux
added 2024/10/31 12:08 a.m. · 10 views

Low: Red Hat Security Advisory: mod_http2 security update

An update for mod_http2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

5.4 CVSS · 6.7 AI score · 0.00187 EPSS
Exploits 0 · References 2
OSV
added 2024/10/30 12:00 a.m. · 19 views

ALSA-2024:8680 Low: mod_http2 security update

The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. Security Fixes: mod_http2: DoS by null pointer in websocket over HTTP/2 (CVE-2024-36387). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

5.4 CVSS · 7 AI score · 0.00187 EPSS
Exploits 0 · References 4
Slackware Linux
added 2024/10/23 7:42 p.m. · 23 views

[slackware-security] php81

New php81 packages are available for Slackware 15.0 to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: extra/php81/php81-8.1.30-i586-1slack15.0.txz: Upgraded. This update fixes bugs and security issues: Bypass of CVE-2024-4577, Parameter Injection Vulnerability...

9.8 CVSS · 9.9 AI score · 0.94374 EPSS
Exploits 68
Tenable Nessus
added 2024/09/28 12:00 a.m. · 60 views

GLSA-202409-31 : Apache HTTPD: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202409-31 (Apache HTTPD: Multiple Vulnerabilities). Multiple vulnerabilities have been discovered in Apache HTTPD. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block...

9.8 CVSS · 7.7 AI score · 0.93858 EPSS
Exploits 10 · References 19
Gentoo Linux
added 2024/09/28 12:00 a.m. · 69 views

Apache HTTPD: Multiple Vulnerabilities

Background: The Apache HTTP server is one of the most popular web servers on the Internet. Description: Multiple vulnerabilities have been discovered in Apache HTTPD. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details...

9.8 CVSS · 7.7 AI score · 0.93858 EPSS
Exploits 10
Packet Storm
added 2024/09/01 12:00 a.m. · 207 views

Apache HTTPD Mod_negotiation Filename Bruter

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework mod_negotiation bruter http://httpd.apache.org/docs/1.3/content-negotiation.html class MetasploitModule 'Apache HTTPD mod_negotiation Filename Bruter', 'Description' = %q...

7.4 AI score
Exploits 0
F5 Networks
added 2024/08/23 5:11 p.m. · 60 views

K000140784: Apache HTTPD vulnerability CVE-2024-38477

Security Advisory Description: Null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue. (CVE-2024-38477) Impact: Attackers can exploit this...

7.5 CVSS · 7.9 AI score · 0.01924 EPSS
Exploits 0 · Affected Software 15
Tenable Nessus
added 2024/08/23 12:00 a.m. · 35 views

F5 Networks BIG-IP : Apache HTTPD vulnerability (K000140784)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000140784 advisory. Null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server v...

7.5 CVSS · 6.9 AI score · 0.01924 EPSS
Exploits 0 · References 2
OSV
added 2024/08/22 6:31 p.m. · 3 views

CLSA-2024-1724351427 httpd: Fix of 9 CVEs

CVE-2024-38474: mod_rewrite: server weakness with encoded question marks in backreferences - CVE-2024-38475: mod_rewrite: server weakness in mod_rewrite when first segment of substitution matches filesystem path - CVE-2024-38477: mod_proxy: crash resulting in Denial of Service in mod_proxy via a...

9.8 CVSS · 7.1 AI score · 0.93858 EPSS
Exploits 5 · References 1
Tenable Nessus
added 2024/08/15 12:00 a.m. · 37 views

F5 Networks BIG-IP : Apache HTTPD vulnerabilities (K000140620)

The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.6 / 17.1.2.2 / 17.5.0. It is, therefore, affected by multiple vulnerabilities as referenced in the K000140620 advisory. CVE-2024-38474: Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier...

9.8 CVSS · 8.7 AI score · 0.93858 EPSS
Exploits 1 · References 3
Amazon
added 2024/08/15 12:00 a.m. · 73 views

Important: httpd

Issue Overview: A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosu...

6.2 CVSS · 6.7 AI score · 0.25097 EPSS
Exploits 3
RedHat Linux
added 2024/08/13 1:18 p.m. · 3 views

httpd: Improper escaping of output in mod_rewrite

A flaw was found in the mod_rewrite module of httpd. Improper escaping of output allows an attacker to map URLs to filesystem locations permitted to be served by the server but are not intentionally or directly reachable by any URL. This issue results in code execution or source code disclosure...

9.1 CVSS · 7.4 AI score · 0.93858 EPSS
Exploits 1 · References 6
RedHat Linux
added 2024/08/13 1:06 p.m. · 3 views

httpd: Potential SSRF in mod_rewrite

A flaw was found in the mod_rewrite module of httpd. A potential SSRF allows an attacker to cause unsafe rules used in the RewriteRule directive to unexpectedly set up URLs to be handled by the mod_proxy module...

7.5 CVSS · 7 AI score · 0.02584 EPSS
Exploits 0 · References 5
RedHat Linux
added 2024/08/12 2:39 a.m. · 5 views

httpd: Security issues via backend applications whose response headers are malicious or exploitable

A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution...

9.8 CVSS · 7.1 AI score · 0.04673 EPSS
Exploits 0 · References 5
RedHat Linux
added 2024/08/08 5:23 p.m. · 1 view

httpd: CONTINUATION frames DoS

A vulnerability was found in how Apache httpd implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers,...

7.5 CVSS · 7.1 AI score · 0.87555 EPSS
Exploits 2 · References 7