K05415626: Apache HTTPD vulnerability CVE-2017-7659

Security Advisory Description A maliciously constructed HTTP/2 request could cause modhttp2 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process. CVE-2017-7659 Impact A remote attacker can use a maliciously crafted HTTP/2 request to cause an abnormal termination on the Apache...

SUSE: Security Advisory (SUSE-SU-2018:0261-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: CVE-2017-3167, CVE-2017-3169, CVE-2017-7659, CVE-2017-7668 and CVE-2017-7679 in IBM i HTTP Server

Summary HTTP Server is supported by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-7679 DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by a buffer overread in modmime. By sending a specially crafted Content-Ty...

SUSE-SU-2018:0261-1 Recommended update for apache2

This update for apache2 fixes several issues. These security issues were fixed: - CVE-2017-9789: When under stress closing many connections the HTTP/2 handling code would sometimes access memory after it has been freed, resulting in potentially erratic behaviour bsc1048575. - CVE-2017-7659: A...

Apache HTTPD mod_http2 Null Pointer Dereference (CVE-2017-7659)

A null pointer dereference vulnerability exists in the modhttp2 module of Apache HTTPD. This vulnerability is due to improper handling of HTTP requests. A remote, unauthenticated attacker could exploit these vulnerability by sending maliciously crafted HTTP request to the affected server...

CVE-2017-7659

A maliciously constructed HTTP/2 request could cause modhttp2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process...

CVE-2017-7659

A maliciously constructed HTTP/2 request could cause modhttp2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process...

CVE-2017-7659

The CVE-2017-7659 issue affects the Apache HTTP Server (mod_http2) where a malicious HTTP/2 request could dereference a NULL pointer and crash the server process. Concrete details across connected docs show this vulnerability in Apache httpd before a fixed release (2.4.26) and are addressed by va...

Apple Mac OS X Multiple Code Execution Vulnerabilities (HT208221)

Apple Mac OS X is prone to multiple code execution vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 25 : httpd (2017-9ded7c5670)

File /etc/sysconfig/httpd is ghosted now ---- Version update ---- Security fix for CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668 CVE-2017-7679 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has...

Fedora 26 : httpd (2017-81976b6a91)

Security fix for CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668 CVE-2017-7679 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible...

Fedora Update for httpd FEDORA-2017-cf9599a306

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 24 : httpd (2017-cf9599a306)

Security fix for CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668 CVE-2017-7679 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible...

Debian DSA-3896-1 : apache2 - security update

Several vulnerabilities have been found in the Apache HTTPD server. - CVE-2017-3167 Emmanuel Dreyfus reported that the use of apgetbasicauthpw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. - CVE-2017-3169 Vasileios Panopoulos of...

[SECURITY] [DSA 3896-1] apache2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3896-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 22, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3896-1] apache2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3896-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 22, 2017 https://www.debian.org/security/faq -...

Debian Security Advisory DSA 3896-1 (apache2 - security update)

Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-3167 Emmanuel Dreyfus reported that the use of apgetbasicauthpw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. CVE-2017-3169 Vasileios Panopoulos of...

Debian: Security Advisory (DSA-3896-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

FreeBSD : Apache httpd -- several vulnerabilities (0c2db2aa-5584-11e7-9a7d-b499baebfeaf)

The Apache httpd project reports : - apgetbasicauthpw Authentication Bypass CVE-2017-3167 : Use of the apgetbasicauthpw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. - modssl NULL pointer Dereference CVE-2017-3169:modssl may...