
5747 matches found

IBM Security Bulletins
added 2023/02/02 5:29 p.m. · 55 views

Security Bulletin: IBM Aspera Orchestrator was vulnerable to a denial of service attack due to an Apache HTTP Server vulnerability (CVE-2022-30522)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-30522 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service when configured to do transformations with mod_sed in contexts where the input to mod_sed may be...

CVSS 7.5 · AI score 8.4 · EPSS 0.10194
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2023/02/02 5:28 p.m. · 43 views

Security Bulletin: IBM Aspera Orchestrator affected by denial of service vulnerability (CVE-2022-22719)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-22719 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service. By using a specially crafted request body to read a random memory area, a remote attacker could...

CVSS 7.5 · AI score 8.5 · EPSS 0.29852
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2023/02/02 5:18 p.m. · 62 views

Security Bulletin: IBM Aspera Orchestrator vulnerable to server-side request forgery due to Apache HTTP Server vulnerability (CVE-2021-40438)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2021-40438 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by an error in mod_proxy. By sending a specially crafted request uri-path, a remo...

CVSS 9 · AI score 9.1 · EPSS 0.94432
Exploits 5 · Affected Software 1

Ubuntu
added 2023/02/02 1:34 p.m. · 96 views

USN-5839-2: Apache HTTP Server vulnerability

USN-5839-1 fixed a vulnerability in Apache. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Dimas Fariski Setyawan Putra discovered that the Apache HTTP Server mod_proxy module incorrectly truncated certain response headers. This may result in later...

CVSS 5.3 · AI score 7.3 · EPSS 0.00539
Exploits 0

Tenable Nessus
added 2023/02/02 12:0 a.m. · 56 views

Ubuntu 16.04 ESM : Apache HTTP Server vulnerability (USN-5839-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5839-2 advisory. USN-5839-1 fixed a vulnerability in Apache. This update provides the corresponding update for Ubuntu 16.04 ESM. Tenable has extracted the preceding description...

CVSS 5.3 · AI score 7.2 · EPSS 0.00539
Exploits 0 · References 2

Ubuntu
added 2023/02/01 1:9 p.m. · 168 views

USN-5839-1: Apache HTTP Server vulnerabilities

It was discovered that the Apache HTTP Server mod_dav module incorrectly handled certain If: request headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. CVE-2006-20001 ZeddYuLu discovered that the Apache HTTP Server mod_proxy_ajp...

CVSS 9 · AI score 7.1 · EPSS 0.00547
Exploits 0

OpenVAS
added 2023/02/01 12:0 a.m. · 40 views

Ubuntu: Security Advisory (USN-5834-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9 · AI score 8.8 · EPSS 0.00547
Exploits 0 · References 2

Tenable Nessus
added 2023/02/01 12:0 a.m. · 93 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Apache HTTP Server vulnerabilities (USN-5839-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5839-1 advisory. It was discovered that the Apache HTTP Server mod_dav module incorrectly handled certain If: request headers. A remote attacker...

CVSS 9 · AI score 7 · EPSS 0.00547
Exploits 0 · References 4

Ubuntu
added 2023/01/31 1:13 p.m. · 108 views

USN-5834-1: Apache HTTP Server vulnerabilities

It was discovered that the Apache HTTP Server mod_dav module did not properly handle specially crafted request headers. A remote attacker could possibly use this issue to cause the process to crash, leading to a denial of service. CVE-2006-20001 It was discovered that the Apache HTTP Server...

CVSS 9 · AI score 7.1 · EPSS 0.00547
Exploits 0

Tenable Nessus
added 2023/01/31 12:0 a.m. · 52 views

Ubuntu 16.04 ESM : Apache HTTP Server vulnerabilities (USN-5834-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5834-1 advisory. It was discovered that the Apache HTTP Server mod_dav module did not properly handle specially crafted request headers. A remote attacker could possibly u...

CVSS 9 · AI score 7.1 · EPSS 0.00547
Exploits 0 · References 3

OSV
added 2023/01/30 8:46 p.m. · 3 views

CLSA-2023-1675111607 httpd: Fix of CVE-2022-36760

CVE-2022-36760: mod_proxy_ajp: fix possible HTTP request smuggling...

CVSS 9 · AI score 6.8 · EPSS 0.00363
Exploits 0 · References 1

Tenable Nessus
added 2023/01/30 12:0 a.m. · 41 views

EulerOS Virtualization 3.0.2.2 : httpd (EulerOS-SA-2023-1260)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is...

CVSS 9.8 · AI score 8 · EPSS 0.94432
Exploits 10 · References 15

Positive Technologies
added 2023/01/29 12:0 a.m. · 8 views

PT-2023-2262 · Apache +10 · Apache Http Server +10

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.30 through 2.4.55 uWSGI PyPI package versions prior to 2.0.22 Description: The issue is related to HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. Special characters in the orig...

CVSS 9.8 · AI score 7.1 · EPSS 0.67011
Exploits 5 · References 103

OpenVAS
added 2023/01/29 12:0 a.m. · 43 views

Fedora: Security Advisory for httpd (FEDORA-2023-f6ff3f85eb)

The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9 · AI score 7.7 · EPSS 0.00363
Exploits 0 · References 2

Fedora
added 2023/01/28 1:27 a.m. · 61 views

[SECURITY] Fedora 37 Update: httpd-2.4.55-1.fc37

The Apache HTTP Server is a powerful, efficient, and extensible web server...

CVSS 9 · AI score 7.5 · EPSS 0.00547
Exploits 0

Tenable Nessus
added 2023/01/28 12:0 a.m. · 40 views

Fedora 37 : httpd (2023-f6ff3f85eb)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-f6ff3f85eb advisory. - new version 2.4.55 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not test...

CVSS 9 · AI score 7.1 · EPSS 0.00547
Exploits 0 · References 4

Tenable Nessus
added 2023/01/28 12:0 a.m. · 44 views

SUSE SLES12 Security Update : apache2 (SUSE-SU-2023:0183-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0183-1 advisory. - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location...

CVSS 9 · AI score 7.1 · EPSS 0.00547
Exploits 0 · References 10

Tenable Nessus
added 2023/01/27 12:0 a.m. · 53 views

Rocky Linux 9 : httpd (RLSA-2022:8067)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:8067 advisory. - Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop...

CVSS 9.8 · AI score 8 · EPSS 0.60552
Exploits 2 · References 25

F5 Networks
added 2023/01/24 11:29 p.m. · 410 views

K21192332: Apache HTTP Server vulnerability CVE-2022-31813

Security Advisory Description Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application. CVE-2022-31813 Impact An...

CVSS 9.8 · AI score 9.1 · EPSS 0.00047
Exploits 1 · Affected Software 1

Tenable Nessus
added 2023/01/23 12:0 a.m. · 148 views

Oracle HTTP Server (Jan 2023 CPU)

The version of Oracle HTTP Server installed on the remote host is affected by multiple vulnerabilities as referenced in the Jan 2023 CPU advisory. - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Centralized Thirdparty Jars Expat. The supported version tha...

CVSS 10 · AI score 7.7 · EPSS 0.39689
Exploits 13 · References 12