SUSE SLES15 Security Update : php7 (SUSE-SU-2022:1755-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1755-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. C Tenable, Inc...

openSUSE: Security Advisory for apache2-mod_auth_mellon (SUSE-SU-2022:1524-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE: Security Advisory (SUSE-SU-2022:1524-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 Security Update : apache2-mod_auth_mellon (SUSE-SU-2022:1524-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1524-1 advisory. - A flaw was found in modauthmellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate...

SUSE-SU-2022:1524-1 Security update for apache2-mod_auth_mellon

This update for apache2-modauthmellon fixes the following issues: - CVE-2021-3639: Fixed open Redirect vulnerability in logout URLs bsc1188926...

Internet Bug Bounty: CVE-2022-27776: Auth/cookie leak on redirect

Summary: curl/libcurl can be coaxed to leak Authorization / Cookie headers by redirecting request to http:// URL on the same host. Successful exploitation requires that the attacker can either Man-in-the-Middle the connection or can access the traffic at the recipient side for example by...

Internet Bug Bounty: CVE-2022-27774: Credential leak on redirect

Summary: curl/libcurl can be coaxed to leak user credentials to third-party host by issuing HTTP redirect to ftp:// URL. Steps To Reproduce: 1. Configure for example Apache2 on firstsite.tld to perform redirect with modrewrite: RewriteCond %HTTPUSERAGENT "^curl/" RewriteRule ^/redirectpoc...

curl: CVE-2022-27774: Credential leak on redirect

Summary: Curl can be coaxed to leak user credentials to third-party host by issuing HTTP redirect to ftp:// URL. Steps To Reproduce: 1. Configure for example Apache2 on firstsite.tld to perform redirect with modrewrite: RewriteCond %HTTPUSERAGENT "^curl/" RewriteRule ^/redirectpoc...

openSUSE: Security Advisory for apache2 (openSUSE-SU-2022:1031-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE: Security Advisory (SUSE-SU-2022:1031-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED15 / SLES15 Security Update : apache2 (SUSE-SU-2022:1031-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1031-1 advisory. - A carefully crafted request body can cause a read to a random memory area which could cause the process to...

SUSE-SU-2022:1031-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2022-23943: heap out-of-bounds write in modsed bsc1197098. - CVE-2022-22720: HTTP request smuggling due to incorrect error handling bsc1197095. - CVE-2022-22719: use of uninitialized value of in r:parsebody in modlua bsc1197091. -...

OPENSUSE-SU-2022:1031-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2022-23943: heap out-of-bounds write in modsed bsc1197098. - CVE-2022-22720: HTTP request smuggling due to incorrect error handling bsc1197095. - CVE-2022-22719: use of uninitialized value of in r:parsebody in modlua bsc1197091. -...

Security update for apache2 (important)

openSUSE Security Update: Security update for apache2 Announcement ID: openSUSE-SU-2022:1031-1 Rating: important References: 1197091 1197095 1197096 1197098 Cross-References: CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 CVE-2022-23943 CVSS scores: CVE-2022-22719 NVD : 7.5...

Security fix for the ALT Linux 9 package apache2 version 1:2.4.53-alt1

1:2.4.53-alt1 built March 29, 2022 Anton Farygin in task 296912 March 20, 2022 Anton Farygin - 2.4.53 Fixes: CVE-2022-23943, CVE-2022-22721, CVE-2022-22720, CVE-2022-22719...

Security update for apache2 (important)

openSUSE Security Update: Security update for apache2 Announcement ID: openSUSE-SU-2022:0091-1 Rating: important References: 1193942 1193943 1197552 SLE-22733 SLE-22849 Cross-References: CVE-2021-44224 CVE-2021-44790 CVE-2022-1096 CVSS scores: CVE-2021-44224 NVD : 8.2...

Security fix for the ALT Linux 10 package apache2 version 1:2.4.53-alt1

1:2.4.53-alt1 built March 25, 2022 Anton Farygin in task 296911 March 20, 2022 Anton Farygin - 2.4.53 Fixes: CVE-2022-23943, CVE-2022-22721, CVE-2022-22720, CVE-2022-22719...

SUSE SLES15 Security Update : apache2 (SUSE-SU-2022:0929-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0929-1 advisory. - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue...

Debian: Security Advisory (DLA-2960-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2022:0929-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...