Rocky Linux 9 : httpd (RLSA-2023:0970)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0970 advisory. - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value...

RHEL 8 : httpd:2.4 (RHSA-2023:1673)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1673 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP request splitting wi...

Oracle Linux 7 : httpd (ELSA-2023-1593)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-1593 advisory. - modproxy: approxyhttprequest to clear hop-by-hop first and fixup last CVE-2022-31813Orabug: 34381850 - modsession: save one aprstrtok Orabug:...

RHEL 8 : httpd:2.4 (RHSA-2023:1596)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1596 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP request splitting wi...

Security Bulletin: IBM HTTP Server is vulnerable to HTTP request splitting due to the included Apache HTTP Server (CVE-2023-25690)

Summary IBM HTTP Server used by IBM WebSphere Application Server is vulnerable to HTTP request splitting when using modproxy or the Web Server Plug-in due to the included Apache HTTP Server. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2023-25690 DESCRIPTION...

Important: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

RHEL 8 : httpd:2.4 (RHSA-2023:1597)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1597 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP request splitting wi...

Important: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

UBUNTU-CVE-2023-28625

modauthopenidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when OIDCStripCookies is set and a crafted cookie supplied, a NULL pointer dereference would occur,...

Apache 2.4.x - Buffer Overflow Exploit

Exploit Title: Apache 2.4.x - Buffer Overflow Exploit Author: Sunil Iyengar Vendor Homepage: https://httpd.apache.org/ Software Link: https://archive.apache.org/dist/httpd/ Version: Any version less than 2.4.51. Tested on 2.4.50 and 2.4.51 Tested on: Server Kali, Client MacOS Monterey CVE :...

Security Bulletin: Vulnerability in Apache HTTP Server affect Cloud Pak System (CVE-2006-20001)

Summary Denial of service vulnerability in moddav module of Apache HTTP Server affects Cloud Pak System. Vulnerability Details CVEID:CVE-2006-20001 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by an out-of-bounds read or write of zero in moddav. By sending a...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : apache2 (SUSE-SU-2023:1658-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1658-1 advisory. - Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP...

Security Bulletin: Vulnerabilities in bash affect SAN Volume Controller and Storwize Family (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Summary Security Bulletin: Vulnerabilities in Bash affect SAN Volume Controller and Storwize Family CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278 Vulnerability Details Security Bulletin --- Summary --- Six Bash vulnerabilities were disclosed in September...

CBL Mariner 2.0 Security Update: httpd (CVE-2023-27522)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-27522 advisory. - HTTP Response Smuggling vulnerability in Apache HTTP Server via modproxyuwsgi. This issue affects Apache HTTP...

CBL Mariner 2.0 Security Update: httpd (CVE-2009-1890)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2009-1890 advisory. - The streamreqbodycl function in modproxyhttp.c in the modproxy module in the Apache HTTP Server before 2.3.3,...

CBL Mariner 2.0 Security Update: httpd / mod_http2 (CVE-2023-25690)

The version of httpd / modhttp2 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-25690 advisory. - Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP...

[SECURITY] Fedora 36 Update: httpd-2.4.56-1.fc36

The Apache HTTP Server is a powerful, efficient, and extensible web server...

SUSE SLES15 Security Update : apache2 (SUSE-SU-2023:1573-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1573-1 advisory. - Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack...

Fedora 36 : httpd (2023-7df48f618b)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-7df48f618b advisory. - new version 2.4.56 - security update for CVE-2023-27522 and CVE-2023-25690 Tenable has extracted the preceding description block directly from the...

Debian: Security Advisory (DSA-5376-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...