Oracle Linux 8 : httpd:2.4 (ELSA-2023-5050)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5050 advisory. - Resolves: 2176723 - CVE-2023-27522 httpd:2.4/httpd: modproxyuwsgi HTTP response splitting - Resolves: 2190133 - modrewrite regression with CVE-2023-25690 -...

AlmaLinux 8 : httpd:2.4 (ALSA-2023:5050)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:5050 advisory. httpd: modproxyuwsgi HTTP response splitting CVE-2023-27522 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. No...

httpd: mod_proxy_uwsgi HTTP response splitting

An HTTP Response Smuggling vulnerability was found in the Apache HTTP Server via modproxyuwsgi. This security issue occurs when special characters in the origin response header can truncate or split the response forwarded to the client...

CentOS 8 : httpd:2.4 (CESA-2023:5050)

The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2023:5050 advisory. - HTTP Response Smuggling vulnerability in Apache HTTP Server via modproxyuwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special...

CVE-2014-5329

GIGAPOD file servers Appliance model and Software model provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation. 8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests CVE-2011-3192, which may lead to ...

CVE-2014-5329

GIGAPOD file servers Appliance model and Software model provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation. 8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests CVE-2011-3192, which may lead to ...

Oracle Linux 8 : httpd:2.4 (ELSA-2019-3436)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-3436 advisory. - In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in modauthdigest when running in a threaded server could allow a user with valid...

Oracle Linux 6 : httpd (ELSA-2015-1249)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2015-1249 advisory. - core: fix bypassing of modheaders rules via chunked requests CVE-2013-5704 Tenable has extracted the preceding description block directly from the Oracle Linu...

Oracle Linux 6 : httpd24-httpd (ELSA-2014-1972)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1972 advisory. - Remove modproxyfcgi fix for heap-based buffer overflow, httpd-2.4.6 is not affected CVE-2014-3583 - core: fix bypassing of modheaders rules via chunk...

Oracle Linux 7 : httpd24-httpd (ELSA-2015-1666)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1666 advisory. - core: fix chunk header parsing defect CVE-2015-3183 - core: replace of apsomeauthrequired with apsomeauthnrequired and apforceauthn hook CVE-2015-318...

PT-2023-9026

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.4.59 Description The issue is related to HTTP Response splitting in multiple modules in Apache HTTP Server, which allows an attacker to inject malicious response headers into backend applications, causing...

httpd: mod_proxy_ajp: Possible request smuggling

A flaw was found in the modproxyajp module of httpd. The connection is not closed when there is an invalid Transfer-Encoding header, allowing an attacker to smuggle requests to the AJP server, where it forwards requests...

httpd: mod_proxy: HTTP response splitting

A flaw was found in the modproxy module of httpd. A malicious backend can cause the response headers to be truncated because they are not cleaned when an error is found while reading them, resulting in some headers being incorporated into the response body and not being interpreted by a client...

Moderate: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update

An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links...

Moderate: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update

Red Hat JBoss Core Services Apache HTTP Server 2.4.57 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

RHEL 7 / 8 : Red Hat JBoss Core Services Apache HTTP Server 2.4.57 (RHSA-2023:4629)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4629 advisory. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP...

mod_auth_openidc:2.3 security update

An update is available for module.modauthopenidc, cjose, module.cjose, modauthopenidc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The modauthopenidc is an...

Exploit for Path Traversal in Apache Http_Server

PoC exploit for CVE-2021-41773 and CVE-2021-42013, two vulnerabi...

Important: Red Hat Security Advisory: mod_auth_openidc:2.3 security update

An update for the modauthopenidc:2.3 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

Important: Red Hat Security Advisory: mod_auth_openidc:2.3 security update

An update for the modauthopenidc:2.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...