RHEL 8 : httpd:2.4 (RHSA-2024:6136)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6136 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Security issues via backe...
RHEL 8 : httpd:2.4 (RHSA-2024:6467)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6467 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Security issues via backe...
RHEL 8 : httpd:2.4 (RHSA-2024:5193)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:5193 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Security issues via backe...
Moderate: Red Hat Security Advisory: mod_jk security update
An update for mod_jk is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...
RHEL 9 : mod_jk (RHSA-2024:8929)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:8929 advisory. The mod_jk module is a plugin for the Apache HTTP Server to connect it with the Apache Tomcat servlet engine. Security Fixes: mod_jk: information...
RHEL 6 / 7 : httpd24-httpd (RHSA-2017:2483)
The remote Red Hat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2483 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: It was discovered...
RHEL 6 / 7 : httpd24-httpd and httpd24-nghttp2 (RHSA-2019:2949)
The remote Red Hat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2949 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: HTTP/2: large amoun...
Important: httpd24
Issue Overview: Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE (CVE-2020-11984) Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to...
Security Bulletin: Multiple Vulnerabilities in http-server affect Cloud Pak System
Summary: Multiple Vulnerabilities in http-server affect Cloud Pak System. Vulnerability Details: CVEID: CVE-2024-38474 DESCRIPTION: Apache HTTP Server could allow a remote attacker to execute arbitrary code on the system, caused by a substitution encoding issue in mod_rewrite. By sending a specially...
Advisory ROSA-SA-2024-2515
Software: httpd 2.4.6 OS: rosa-server79 packageevrstring: httpd-2.4.6-99.0.5.res7.1 CVE-ID: CVE-2021-26690 BDU-ID: 2021-03681 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Apache HTTP Server web server is related to pointer dereferencing errors. Exploitation of the vulnerability could allow an...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-2719)
The remote host is missing an update for the Huawei EulerOS...
Fortinet Fortigate Slow HTTP DoS Attacks Mitigation (FG-IR-19-013)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the FG-IR-19-013 advisory. - An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2,...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-2736)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 2.12.1 : httpd (EulerOS-SA-2024-2751)
According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to...
mod_jk bug fix update
An update is available for mod_jk. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The mod_jk module is an Apache HTTP Server plug-in that enables the Apache HTTP...
OESA-2024-2288 httpd security update
Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some...
Qnap QTS Bash OS Command Injection (CVE-2014-6271)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cg...
Qnap QTS Bash OS Command Injection (CVE-2014-7169)
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the...
Security Bulletin: Multiple Vulnerabilities affect IBM Cloud Pak System.
Summary: Multiple vulnerabilities have been addressed in IBM Cloud Pak System 2.3.4.0 and IBM Cloud Pak System 2.3.5.0. Vulnerability Details: CVEID: CVE-2022-31813 DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by the failure to send the...
CLSA-2024-1728479129 Fix CVE(s): CVE-2023-38709, CVE-2024-24795, CVE-2024-27316
SECURITY UPDATE: Memory exhaustion due to excessive HTTP/2 incoming headers buffering - debian/patches/CVE-2024-27316.patch: Fix to bail after too many failed reads, increment count on request headers failed to add - CVE-2024-27316 SECURITY UPDATE: Faulty input validation in the core of Apache...