Apache Airflow Authorization Problem Vulnerability (CNVD-2023-93318)

Apache HTTP Server Buffer Overflow Vulnerability CNVD-2023-93320...

ALSA-2023:6940 Moderate: mod_auth_openidc:2.3 security and bug fix update

The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: Open Redirect in oidcvalidateredirecturl using tab character...

SUSE SLES15 Security Update : apache2 (SUSE-SU-2023:4431-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4431-1 advisory. - Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. CVE-2023-31122...

Moderate: mod_auth_openidc:2.3 security and bug fix update

The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: Open Redirect in oidcvalidateredirecturl using tab character...

SUSE SLES15 Security Update : apache2 (SUSE-SU-2023:4432-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4432-1 advisory. - Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. CVE-2023-31122...

Fedora: Security Advisory for httpd (FEDORA-2023-3d1bf0ee44)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Moderate: Red Hat Security Advisory: mod_auth_openidc security and bug fix update

An update for modauthopenidc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

httpd: mod_proxy_uwsgi HTTP response splitting

An HTTP Response Smuggling vulnerability was found in the Apache HTTP Server via modproxyuwsgi. This security issue occurs when special characters in the origin response header can truncate or split the response forwarded to the client...

[SECURITY] Fedora 37 Update: httpd-2.4.58-1.fc37

The Apache HTTP Server is a powerful, efficient, and extensible web server...

Fedora 37 : httpd (2023-3d1bf0ee44)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-3d1bf0ee44 advisory. New version 2.4.58 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

Moderate: mod_auth_openidc security and bug fix update

The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: Open Redirect in oidcvalidateredirecturl using tab character...

ALSA-2023:6365 Moderate: mod_auth_openidc security and bug fix update

The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: Open Redirect in oidcvalidateredirecturl using tab character...

RHEL 9 : httpd and mod_http2 (RHSA-2023:6403)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6403 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a...

Rocky Linux 8 : httpd:2.4 (RLSA-2022:1049)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1049 advisory. - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP...

Fedora 39 : httpd (2023-606f830772)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-606f830772 advisory. New version 2.4.58 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

Rocky Linux 8 : httpd:2.4 (RLSA-2022:7647)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7647 advisory. - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Serve...

ALSA-2023:6403 Moderate: httpd and mod_http2 security, bug fix, and enhancement update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: httpd 2.4.57. BZ2184403 Security Fixes: httpd: modproxyuwsgi HTTP response splitting CVE-2023-27522 For more details about th...

Rocky Linux 8 : httpd:2.4 (RLSA-2022:0258)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:0258 advisory. - A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not...

Rocky Linux 8 : httpd:2.4 (RLSA-2022:1915)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:1915 advisory. - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in modauthdigest. There is no report of this...

Rocky Linux 8 : httpd:2.4 (RLSA-2021:3816)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:3816 advisory. - In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow CVE-2021-26691 -...