Exploit for Exposure of Resource to Wrong Sphere in Apache Http_Server

HTTP Request Smuggling Detection Tool This repository contain...

Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2023-38709) affects Power HMC.

Summary The Apache HTTP Server library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-38709 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP response splitting attacks, caused by improper input validation in the...

Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2023-45802) affects Power HMC.

Summary The Apache HTTP Server library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-45802 DESCRIPTION: When a HTTP/2 stream was reset RST frame by a client, there was a time window were the request's memory resources...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-2952)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP12 : httpd (EulerOS-SA-2024-2937)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of...

EulerOS 2.0 SP11 : httpd (EulerOS-SA-2024-2968)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of...

EulerOS 2.0 SP11 : httpd (EulerOS-SA-2024-2982)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of...

ROS-20241203-19

Apache HTTP Server web server kernel vulnerability is related to the inclusion of functions from an invalid controlled area. Exploitation of the vulnerability could allow a remote attacker, execute arbitrary code by running local handlers through internal redirection A vulnerability in the...

PT-2025-29117

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.35 through 2.4.63 Description: In certain mod ssl configurations, an access control bypass is possible for trusted clients using TLS 1.3 session resumption. This occurs when mod ssl is configured for multiple...

macOS 15.x < 15.1 Multiple Vulnerabilities (121564)

The remote host is running a version of macOS / Mac OS X that is 15.x prior to 15.1. It is, therefore, affected by multiple vulnerabilities: - The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to cause unexpected system...

Security Bulletin: TSSC/IMC is vulnerable to a denial of service on Apache HTTP Server

Summary TSSC/IM is vulnerable to a denial of service on Apache HTTP Server. The latest code level has an upgrade to the relevant libaries to fix CVE-2024-27316. Vulnerability Details CVEID:CVE-2024-27316 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by the failure t...

Moderate: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Moderate: Red Hat Security Advisory: mod_auth_openidc security update

An update for modauthopenidc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Security Bulletin: IBM Aspera Faspex 4.4.2 PL2 has addressed multiple vulnerabilities (CVE-2022-28330, CVE-2023-22868, CVE-2022-30556, CVE-2022-31813, CVE-2022-30522, CVE-2022-47986, CVE-2022-28615, CVE-2022-26377, CVE-2018-25032, CVE-2022-2068)

Summary This Security Bulletin addresses security vulnerabilities that have been remediated in IBM Aspera Faspex 4.4.2 PL2. Vulnerability Details CVEID:CVE-2022-28330 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information. An attacker could exploit this...

ALSA-2024:9180 Moderate: mod_auth_openidc security update

The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: DoS when using OIDCSessionType client-cookie and manipulating...

Moderate: mod_auth_openidc security update

The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: DoS when using OIDCSessionType client-cookie and manipulating...

2.4 bug fix and enhancement update

An update is available for module.modmd, module.modhttp2, modhttp2, httpd, modmd, module.httpd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd package...

Security update for apache2

This update for apache2 fixes the following issues: CVE-2023-45802: HTTP/2 stream memory not reclaimed right away on RST bsc1216423. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run th...

RHEL 8 : httpd:2.4 (RHSA-2024:6136)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6136 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Security issues via?backe...

RHEL 8 : httpd:2.4 (RHSA-2024:6583)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6583 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Security issues via?backe...