21 matches found

Tenable Nessus
added 2024/06/03 12:0 a.m., 26 views

RHEL 8 : mod_http2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - httpd: Use-after-free on HTTP/2 stream shutdown CVE-2018-1302 Note that Nessus has not tested for this issue but ha...

CVSS 5.9, AI score 6.1, EPSS 0.13436
Exploits: 0, References: 1

Tenable Nessus
added 2024/05/28 12:0 a.m., 54 views

Oracle Linux 8 : httpd:2.4 (ELSA-2024-3121)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3121 advisory. - Resolves: RHEL-14448 - httpd: mod_macro: out-of-bounds read vulnerability CVE-2023-31122 - Resolves: RHEL-29817 - httpd:2.4/mod_http2: httpd:...

CVSS 9.8, AI score 7.2, EPSS 0.99999
Exploits: 30, References: 3

Oracle linux
added 2024/05/24 12:0 a.m., 70 views

httpd:2.4 security update

httpd 2.4.37-64.0.1 - Replace index.html with Oracle's index page oracleindex.html 2.4.37-64 - Resolves: RHEL-14448 - httpd: mod_macro: out-of-bounds read vulnerability CVE-2023-31122 2.4.37-63 - mod_xml2enc: fix media type handling Resolves: RHEL-14321 mod_http2 1.15.7-10 - Resolves: RHEL-29817 -...

CVSS 7.5, AI score 7.5, EPSS 0.99999
Exploits: 30

Tenable Nessus
added 2024/05/11 12:0 a.m., 30 views

RHEL 8 : httpd (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - httpd: Use-after-free on HTTP/2 stream shutdown CVE-2018-1302 Note that Nessus has not tested for this issue but ha...

AI score 5.8, EPSS 0.13436
Exploits: 0, References: 1

F5 Networks
added 2022/12/16 9:48 p.m., 37 views

K11509465: Apache mod_http2 vulnerability CVE-2018-1302

Security Advisory Description When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usua...

CVSS 5.9, AI score 6.5, EPSS 0.13436
Exploits: 0

OpenVAS
added 2021/04/19 12:0 a.m., 32 views

SUSE: Security Advisory (SUSE-SU-2018:1161-1)

The remote host is missing an update for the...

CVSS 9.8, AI score 7.2, EPSS 0.86006
Exploits: 0, References: 9

OpenVAS
added 2020/09/29 12:0 a.m., 23 views

Huawei EulerOS: Security Advisory for mod_http2 (EulerOS-SA-2020-2016)

The remote host is missing an update for the Huawei EulerOS...

CVSS 5.9, AI score 6.2, EPSS 0.13436
Exploits: 0, References: 2

Tenable Nessus
added 2020/09/29 12:0 a.m., 45 views

EulerOS Virtualization for ARM 64 3.0.6.0 : mod_http2 (EulerOS-SA-2020-2016)

According to the version of the mod_http2 package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have writt...

CVSS 5.9, AI score 6.7, EPSS 0.13436
Exploits: 0, References: 2

RedHat Linux
added 2019/02/18 4:55 p.m., 161 views

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP1 security update

Red Hat JBoss Core Services Pack Apache Server 2.4.29 Service Pack 1 packages for Microsoft Windows and Oracle Solaris are now available. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a...

CVSS 9.8, AI score 6.7, EPSS 0.90647
Exploits: 1, References: 14

OpenVAS
added 2018/10/04 12:0 a.m., 54 views

Ubuntu: Security Advisory (USN-3783-1)

The remote host is missing an update for the...

CVSS 7.5, AI score 7.3, EPSS 0.51002
Exploits: 0, References: 2

Tenable Nessus
added 2018/10/04 12:0 a.m., 54 views

Ubuntu 18.04 LTS : Apache HTTP Server vulnerabilities (USN-3783-1)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3783-1 advisory. Robert Swiecki discovered that the Apache HTTP Server HTTP/2 module incorrectly destroyed certain streams. A remote attacker could possibly use this issu...

CVSS 7.5, AI score 6.8, EPSS 0.51002
Exploits: 0, References: 4

Tenable Nessus
added 2018/05/08 12:0 a.m., 53 views

SUSE SLES12 Security Update : apache2 (SUSE-SU-2018:1161-1)

This update for apache2 fixes the following issues : - CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a 'Session' header leading to unexpected behavior (bsc#1086814). -...

CVSS 9.8, AI score 6.5, EPSS 0.86006
Exploits: 0, References: 21

Tenable Nessus
added 2018/04/06 12:0 a.m., 31 views

Fedora 27 : mod_http2 (2018-0a95bff197)

This update includes the latest upstream release of mod_http2, version 1.10.16. This includes a security fix (CVE-2018-1302): When an HTTP/2 stream was destroyed after being handled, mod_http2 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by th...

CVSS 5.9, AI score 6.8, EPSS 0.13436
Exploits: 0, References: 2

OpenVAS
added 2018/04/04 12:0 a.m., 77 views

Apache HTTP Server Denial of Service Vulnerability (Apr 2018) - Linux

Apache HTTP Server is prone to a denial of service vulnerability.

CVSS 5.9, AI score 6.5, EPSS 0.13436
Exploits: 0, References: 3

ALT Linux
added 2018/03/31 12:0 a.m., 42 views

Security fix for the ALT Linux 10 package apache2 version 1:2.4.33-alt1

March 31, 2018 Anton Farygin 1:2.4.33-alt1 - 2.4.33 - fixes: CVE-2018-1303 low: Possible out of bound read in mod_cache_socache CVE-2018-1302 low: Possible write of after free on HTTP/2 stream shutdown CVE-2018-1301 low: Possible out of bound access after failure in reading the HTTP request...

CVSS 6.8, AI score 7.2, EPSS 0.86006
Exploits: 0

ALT Linux
added 2018/03/31 12:0 a.m., 58 views

Security fix for the ALT Linux 8 package apache2 version 1:2.4.33-alt1

March 31, 2018 Anton Farygin 1:2.4.33-alt1 - 2.4.33 - fixes: CVE-2018-1303 low: Possible out of bound read in mod_cache_socache CVE-2018-1302 low: Possible write of after free on HTTP/2 stream shutdown CVE-2018-1301 low: Possible out of bound access after failure in reading the HTTP request...

CVSS 6.8, AI score 7.3, EPSS 0.86006
Exploits: 0

ALT Linux
added 2018/03/31 12:0 a.m., 45 views

Security fix for the ALT Linux 9 package apache2 version 1:2.4.33-alt1

March 31, 2018 Anton Farygin 1:2.4.33-alt1 - 2.4.33 - fixes: CVE-2018-1303 low: Possible out of bound read in mod_cache_socache CVE-2018-1302 low: Possible write of after free on HTTP/2 stream shutdown CVE-2018-1301 low: Possible out of bound access after failure in reading the HTTP request...

CVSS 6.8, AI score 7.2, EPSS 0.86006
Exploits: 0

Tenable Nessus
added 2018/03/30 12:0 a.m., 216 views

Apache 2.4.x < 2.4.33 Multiple Vulnerabilities (deprecated)

This plugin has been deprecated due to apache2433.nasl plugin ID 122060 performing the same version check. Use apache2433.nasl plugin ID 122060 instead. C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2019/10/21. Deprecated by apache2433.nasl plugin ID 122060. include"compat.inc"; if...

CVSS 9.8, AI score 6.7, EPSS 0.86006
Exploits: 0, References: 9

RedhatCVE
added 2018/03/26 3:49 p.m., 29 views

CVE-2018-1302

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter...

CVSS 5.9, AI score 2.9, EPSS 0.13436
Exploits: 0, References: 2

OSV
added 2018/03/26 3:29 p.m., 24 views

CVE-2018-1302

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter...

CVSS 5.9, AI score 6.8
Exploits: 0, References: 23