Security Bulletin: IBM Aspera Orchestrator affected by vulnerability (CVE-2022-28615)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-28615 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a read beyond bounds in apstrcmpmatch when provided with an...

MGASA-2023-0032 Updated apache packages fix security vulnerability

CVE-2022-37436: Apache HTTP Server: modproxy prior to 2.4.55 allows a backend to trigger HTTP response splitting. Prior to 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers ha...

Apache HTTP Server Http Request Smuggling Vulnerability (CNVD-2023-30860)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An Http request smuggling vulnerability exists in Apache HTTP Server versions 2.4.0 through 2.4.55 and earlier, which stems from a...

Apache HTTP Server CLRF Injection Vulnerability

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A CLRF injection vulnerability exists in Apache HTTP Server versions prior to 2.4.55. The vulnerability stems from a Web applicati...

Security Bulletin: Vulnerabilities have been identified in Spring Framework, OpenSSL and Apache HTTP Server shipped with the DS8000 Hardware Management Console (HMC)

Summary The updates indicated below have been released to address the following vulnerabilities: Spring Framework CVE-2022-22965, OpenSSL vulnerabilities CVE-2022-0778, Apache HTTP Server CVE-2021-26691, CVE-2021-40438, CVE-2021-44790, and CVE-2021-20325. Vulnerability Details CVEID:CVE-2022-0778...

OESA-2023-1052 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to...

[SECURITY] Fedora 36 Update: httpd-2.4.55-1.fc36

The Apache HTTP Server is a powerful, efficient, and extensible web server...

Fedora 36 : httpd (2023-6d4055d482)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-6d4055d482 advisory. - new version 2.4.55 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not test...

Fedora: Security Advisory for httpd (FEDORA-2023-6d4055d482)

The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Ubuntu: Security Advisory (USN-5839-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: IBM Aspera Orchestrator affected by an Apache HTTP Server vulnerability (CVE-2022-28614)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-28614 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by an error in the aprwrite function. By reflecting very large...

Security Bulletin: IBM Aspera Orchestrator affected by vulnerability ( CVE-2022-31813)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-31813 DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by the failure to send the X-Forwarded- headers to the origin...

Security Bulletin: IBM Aspera Orchestrator affected by HTTP request splitting attack due to Apache HTTP Server vulnerability (CVE-2021-33193)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2021-33193 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request splitting attacks, caused by improper input validation in HTTP/2 message processing. A remote attacker...

Security Bulletin: IBM Aspera Orchestrator vulnerable to HTTP request smuggling due to an Apache HTTP Server vulnerability (CVE-2022-26377)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-26377 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request smuggling, caused by an inconsistent Interpretation of HTTP Requests vulnerability in modproxyajp. An...

Security Bulletin: IBM Aspera Orchestrator was vulnerable to denial of service due to an Apache HTTP Server vulnerability (CVE-2021-34798)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2021-34798 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by a NULL pointer dereference in httpd core. By sending a specially crafted request, a...

Security Bulletin: IBM Aspera Orchestrator affected by buffer overflow vulnerability (CVE-2021-39275)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2021-39275 DESCRIPTION: Apache HTTP Server is vulnerable to a buffer overflow, caused by improper bounds checking by the apescapequotes function. By sending specially crafted...

Security Bulletin: IBM Aspera Orchestrator affected by vulnerability (CVE-2022-23943)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-23943 DESCRIPTION: Apache HTTP Server could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write in modsed. By sending special...

Security Bulletin: IBM Aspera Orchestrator affected by vulnerability (CVE-2022-28330)

Summary The vulnerability CVE-2022-28330 has been remediated in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-28330 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to read beyond boun...

Security Bulletin: IBM Aspera Orchestrator affected by Apache HTTP Server vulnerability (CVE-2022-30556)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-30556 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by an error in modlua with websockets. An attacker could exploi...

Security Bulletin: IBM Aspera Orchestrator affected by denial of service vulnerability (CVE-2021-36160)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2021-36160 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by an out-of-bounds read in modproxyuwsgi. By sending a specially crafted request...