1636 matches found

OSV
added 2023/02/07 9:39 a.m., 17 views

SUSE-SU-2023:0294-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2022-37436: Fixed an issue in mod_proxy where a malicious backend could cause the response headers to be truncated early, resulting in some headers being incorporated into the response body (bsc#1207251). - CVE-2022-36760: Fixed an issue in...

CVSS 9, AI score 7.2, EPSS 0.00547
Exploits 0, References 7

ALT Linux
added 2023/02/07 12:0 a.m., 56 views

Security fix for the ALT Linux 10 package apache2 version 1:2.4.55-alt1

1:2.4.55-alt1 built Feb. 7, 2023 Anton Farygin in task 314495 Feb. 1, 2023 Anton Farygin - 2.4.55 Fixes: CVE-2022-37436, CVE-2006-20001, CVE-2022-36760...

AI score 7.4, EPSS 0.00547
Exploits 0

OpenVAS
added 2023/02/03 12:0 a.m., 25 views

Ubuntu: Security Advisory (USN-5839-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.3, AI score 7.6, EPSS 0.00539
Exploits 0, References 2

OpenVAS
added 2023/02/02 12:0 a.m., 33 views

Ubuntu: Security Advisory (USN-5839-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9, AI score 7.7, EPSS 0.00547
Exploits 0, References 2

Tenable Nessus
added 2023/01/31 12:0 a.m., 29 views

SUSE SLES15 / openSUSE 15 Security Update : apache2-mod_auth_openidc (SUSE-SU-2023:0215-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0215-1 advisory. - mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID...

CVSS 6.1, AI score 6.5, EPSS 0.00521
Exploits 1, References 8

OpenVAS
added 2023/01/31 12:0 a.m., 23 views

SUSE: Security Advisory (SUSE-SU-2023:0215-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.1, AI score 6.5, EPSS 0.00521
Exploits 1, References 2

OSV
added 2023/01/30 4:27 p.m., 4 views

SUSE-SU-2023:0215-1 Security update for apache2-mod_auth_openidc

This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2022-23527: Fixed open redirect in oidc_validate_redirect_url using tab character (bsc#1206441). - CVE-2021-39191: Fixed open redirect issue in target_link_uri parameter (bsc#1190223)...

CVSS 6.1, AI score 6.3, EPSS 0.00521
Exploits 1, References 6

OpenVAS
added 2023/01/30 12:0 a.m., 34 views

SUSE: Security Advisory (SUSE-SU-2023:0183-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9, AI score 7, EPSS 0.00547
Exploits 0, References 6

OpenVAS
added 2023/01/30 12:0 a.m., 30 views

SUSE: Security Advisory (SUSE-SU-2023:0185-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9, AI score 7, EPSS 0.00547
Exploits 0, References 6

Tenable Nessus
added 2023/01/28 12:0 a.m., 44 views

SUSE SLES12 Security Update : apache2 (SUSE-SU-2023:0183-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0183-1 advisory. - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location...

CVSS 9, AI score 7.1, EPSS 0.00547
Exploits 0, References 10

Tenable Nessus
added 2023/01/28 12:0 a.m., 61 views

SUSE SLES12 Security Update : apache2 (SUSE-SU-2023:0185-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0185-1 advisory. - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location...

CVSS 9, AI score 7.1, EPSS 0.00547
Exploits 0, References 10

OSV
added 2023/01/27 10:26 a.m., 16 views

SUSE-SU-2023:0183-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2022-37436: Fixed an issue in mod_proxy where a malicious backend could cause the response headers to be truncated early, resulting in some headers being incorporated into the response body (bsc#1207251). - CVE-2022-36760: Fixed an issue in...

CVSS 9, AI score 7.2, EPSS 0.00547
Exploits 0, References 7

Veracode
added 2023/01/23 12:46 p.m., 120 views

HTTP Request Smuggling

apache2 is vulnerable to HTTP Request Smuggling. The vulnerability exists because the inconsistent interpretation of HTTP requests in mod_proxy_ajp allows an attacker to smuggle requests to the AJP server it forwards requests to...

CVSS 9, AI score 8.6, EPSS 0.00363
Exploits 0, References 7, Affected Software 6

Veracode
added 2023/01/21 12:15 p.m., 53 views

HTTP Response Splitting

apache2 is vulnerable to HTTP Response Splitting. A malicious backend may cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client...

CVSS 5.3, AI score 7, EPSS 0.00539
Exploits 0, References 7, Affected Software 6

Veracode
added 2023/01/20 6:55 a.m., 63 views

Denial Of Service (DoS)

apache2 is vulnerable to Denial of Service (DoS) attacks. A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool memory location beyond the header value sent, causing the application to crash...

CVSS 7.5, AI score 8.1, EPSS 0.00547
Exploits 0, References 7, Affected Software 3

OpenVAS
added 2022/12/15 12:0 a.m., 18 views

SUSE: Security Advisory (SUSE-SU-2022:4488-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 7.5, EPSS 0.00461
Exploits 1, References 2

Tenable Nessus
added 2022/12/15 12:0 a.m., 31 views

SUSE SLES15 Security Update : apache2-mod_wsgi (SUSE-SU-2022:4488-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4488-1 advisory. - A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker t...

CVSS 7.5, AI score 7.2, EPSS 0.00461
Exploits 1, References 4

OSV
added 2022/12/14 12:23 p.m., 4 views

SUSE-SU-2022:4488-1 Security update for apache2-mod_wsgi

This update for apache2-mod_wsgi fixes the following issues: - CVE-2022-2255: Hardened the trusted proxy header filter to avoid bypass (bsc#1201634)...

CVSS 7.5, AI score 7.4, EPSS 0.00461
Exploits 1, References 3

OpenVAS
added 2022/11/17 12:0 a.m., 24 views

SUSE: Security Advisory (SUSE-SU-2022:4010-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 7.5, EPSS 0.00461
Exploits 1, References 2

Tenable Nessus
added 2022/11/17 12:0 a.m., 23 views

SUSE SLES12 Security Update : apache2-mod_wsgi (SUSE-SU-2022:4013-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:4013-1 advisory. - A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker t...

CVSS 7.5, AI score 7.2, EPSS 0.00461
Exploits 1, References 4