Important: Red Hat Security Advisory: mod_auth_openidc:2.3 security update

An update for the modauthopenidc:2.3 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has...

Important: Red Hat Security Advisory: mod_auth_openidc:2.3 security update

An update for the modauthopenidc:2.3 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update...

Important: Red Hat Security Advisory: mod_auth_openidc:2.3 security update

An update for the modauthopenidc:2.3 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

ALSA-2023:4418 Important: mod_auth_openidc:2.3 security update

The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag...

CVE-2022-28615: Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in apstrcmpmatch when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...

The ap_rwrite function in Apache HTTP Server 2.4.53 and earlier may read unintended memory

The aprwrite function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using aprwrite or aprputs, such as with modluas r:puts function. Modules compiled and distributed separately from Apache HTTP Server that use t...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-2502)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Important: mod_auth_openidc:2.3 security update

The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-2462)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.10.0 : httpd (EulerOS-SA-2023-2487)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack...

apr security update

CentOS Errata and Security Advisory CESA-2023:3145 An update for apr-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severit...

EulerOS Virtualization 3.0.6.6 : httpd (EulerOS-SA-2023-2425)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-2425)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle HTTP Server (Jul 2023 CPU)

The version of Oracle HTTP Server installed on the remote host are affected by multiple vulnerabilities as referenced in the Jul 2023 CPU advisory. - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Thirdparty LibExpat. The supported version that is affected ...

Zimbra Collaboration Server 9.0.0 < 9.0.0 Patch 33 Multiple Vulnerabilities

According to its self-reported version number, Zimbra Collaboration Server is affected by multiple vulnerabilities including: - Vulnerability in the sfdcpreauth.jsp component. A remote, unauthenticated attacker can exploit this vulnerability to execute arbitrary code. CVE-2023-29382 - HTTP reques...

Oracle Enterprise Manager Ops Center (Jul 2023 CPU)

The 12.4.0.0 version of Enterprise Manager Ops Center installed on the remote host is affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory: - Vulnerability in the Oracle Enterprise Manager Ops Center product of Oracle Enterprise Manager component: Networking Apache HTT...

Security Bulletin: Vulnerabilities have been identified in OpenSSL, Apache HTTP Server and other system libraries shipped with the DS8000 Hardware Management Console (HMC)

Summary IBM DS8900 Management Console is affected by Open Source expat CVE-2022-43680, libxml2 CVE-2022-40303, CVE-2022-40304, dbus CVE-2022-42010, CVE-2022-42011, CVE-2022-42012, httpd CVE-2023-25690, systemd CVE-2022-4415, OpenSSL CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286,...

EulerOS 2.0 SP11 : httpd (EulerOS-SA-2023-2271)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affect...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-2271)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2023-9025

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions through 2.4.58 Description The issue is related to faulty input validation in the core of Apache, allowing malicious or exploitable backend/content generators to split HTTP responses. This can be exploited by a remo...