5707 matches found
RLSA-2024:9306 Moderate: httpd security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP response splitting CVE-2023-38709 httpd: HTTP Response Splitting in multiple modules CVE-2024-24795 For more details about the security issues, including the impact, a...
httpd bug fix update
An update is available for httpd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd packages provide the Apache HTTP Server, a powerful, efficient, and...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-25193 DESCRIPTION: Harfbuzz is vulnerable to a denial of service, caused by a...
Linux Distros Unpatched Vulnerability : CVE-2021-36160
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A carefully crafted request uri-path can cause modproxyuwsgi to read above the allocated memory and crash DoS. This issue affects Apache HTTP Server versions...
Linux Distros Unpatched Vulnerability : CVE-2020-11984
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache HTTP server 2.4.32 to 2.4.44 modproxyuwsgi info disclosure and possible RCE CVE-2020-11984 Note that Nessus relies on the presence of the package as...
Linux Distros Unpatched Vulnerability : CVE-2024-24795
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cau...
Linux Distros Unpatched Vulnerability : CVE-2013-1862
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - modrewrite.c in the modrewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which...
Linux Distros Unpatched Vulnerability : CVE-2019-17567
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache HTTP Server versions 2.4.6 to 2.4.46 modproxywstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole...
Linux Distros Unpatched Vulnerability : CVE-2012-0053
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request aka 400 error...
Linux Distros Unpatched Vulnerability : CVE-2012-0031
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service daemon crash during shutdown or possibly have...
Linux Distros Unpatched Vulnerability : CVE-2018-1302
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an...
Linux Distros Unpatched Vulnerability : CVE-2019-10092
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the modproxy error page. An attacker could cause the link on the...
Linux Distros Unpatched Vulnerability : CVE-2014-7169
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows...
Linux Distros Unpatched Vulnerability : CVE-2016-4975
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Possible CRLF injection allowing HTTP response splitting attacks for sites which use moduserdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32...
Linux Distros Unpatched Vulnerability : CVE-2014-8109
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - modlua.c in the modlua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorizati...
Linux Distros Unpatched Vulnerability : CVE-2015-3183
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to condu...
Linux Distros Unpatched Vulnerability : CVE-2017-9798
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has...
Linux Distros Unpatched Vulnerability : CVE-2018-1301
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by...
Linux Distros Unpatched Vulnerability : CVE-2016-8743
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers...
Linux Distros Unpatched Vulnerability : CVE-2018-1303
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be...