EulerOS 2.0 SP11 : httpd (EulerOS-SA-2023-1408)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Out-of-bounds Write vulnerability in modsed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided dat...

KLA48513 Multiple vulnerabilities in Apache HTTP Server

Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to bypass security restrictions. Below is a complete list of vulnerabilities: 1. HTTP request smuggling vulnerability in modrewrite and modproxy can be exploited to bypass security...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-1408)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-1423)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Multiple security vulnerabilities has been identified in IBM HTTP Server shipped with IBM Rational ClearCase [CVE-2022-28331, CVE-2022-36760, CVE-2022-37436, CVE-2022-25147, CVE-2006-20001]

Summary IBM HTTP Server IHS is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. CVE-2022-28331, CVE-2022-36760, CVE-2022-37436, CVE-2022-25147, CVE-2006-20001 Vulnerability Details Refer to the...

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server (CVE-2022-28331, CVE-2022-36760, CVE-2022-37436, CVE-2022-25147, CVE-2006-20001)

Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

Security Bulletin: IBM HTTP Server is vulnerable to multiple vulnerabilities due to the included Apache HTTP Server and Apache Portable Runtime

Summary There are multiple vulnerabilities in the IBM HTTP Server, which is used by IBM WebSphere Application Server, due to the included Apache HTTP Server and Apache Portable Runtime: CVE-2022-28331, CVE-2022-36760, CVE-2022-37436, CVE-2006-20001, and CVE-2022-25147. This has been addressed in...

Security Bulletin: Vulnerabilities in Bash affect IBM SAN b-type Switches (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by IBM SAN b-type Switches. Vulnerability Details CVE-ID : CVE-2014-6271...

Oracle Linux 9 : httpd (ELSA-2023-0970)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0970 advisory. - Resolves: 2165970 - CVE-2006-20001 httpd: moddav: out-of-bounds read/write of zero byte - Resolves: 2165973 - CVE-2022-37436 httpd: modproxy: HTTP...

ALSA-2023:0970 Moderate: httpd security and bug fix update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: moddav: out-of-bounds read/write of zero byte CVE-2006-20001 httpd: modproxyajp: Possible request smuggling CVE-2022-36760 httpd: modproxy: HTTP response splitting...

Moderate: php security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 8.0.27. BZ2161667 Security Fixes: XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cook...

ALSA-2023:0965 Moderate: php security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 8.0.27. BZ2161667 Security Fixes: XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cook...

AlmaLinux 9 : httpd (ALSA-2023:0970)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0970 advisory. - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value...

RHEL 9 : httpd (RHSA-2023:0970)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0970 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: moddav:...

Mitsubishi Electric MELSOFT iQ AppPortal

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSOFT iQ AppPortal Vulnerabilities: HTTP Request Smuggling, Insufficient Verification of Data Authenticity 2. RISK EVALUATION Successful exploitation of these...

Amazon Linux 2 : httpd (ALAS-2023-1938)

The version of httpd installed on the remote host is prior to 2.4.55-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1938 advisory. A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory...

Tenable SecurityCenter 5.22.0 / 5.23.1 / 6.0.0 Apache Header Truncation (TNS-2023-06)

According to its self-reported version, the Tenable SecurityCenter application installed on the remote host has a third-party software vulnerability in Apache HTTP Server. Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in so...

RLSA-2023:0852 Moderate: httpd:2.4 security and bug fix update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: moddav: out-of-bounds read/write of zero byte CVE-2006-20001 httpd: modproxyajp: Possible request smuggling CVE-2022-36760 httpd: modproxy: HTTP response splitting...

K000132643: Apache HTTP server vulnerability CVE-2022-36760

Security Advisory Description Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4...

Oracle Linux 8 : httpd:2.4 (ELSA-2023-0852)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0852 advisory. - Resolves: 2165976 - CVE-2006-20001 httpd: moddav: out-of-bounds read/write of zero byte - Resolves: 2165977 - CVE-2022-37436 httpd: modproxy: HTTP...