20 matches found
TencentOS Server 3: httpd:2.4 (TSSA-2022:0017)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0017 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Alibaba Cloud Linux 3 : 0017: httpd:2.4 (ALINUX3-SA-2022:0017)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0017 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-0190: A bug exists in the way...
Photon OS 3.0: Httpd PHSA-2019-3.0-0013
An update of the httpd package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-3.0-0013. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
BELL-CVE-2019-0190 CVE-2019-0190 does not affect BellSoft software
Bulletin has no description...
Slackware: Security Advisory (SSA:2019-022-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Photon OS 2.0: Httpd PHSA-2019-2.0-0157
An update of the httpd package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-2.0-0157. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid124680...
Security Bulletin: Rational Build Forge Security Advisory for Apache HTTP Server (CVE-2019-0190; CVE-2018-17189; CVE-2018-17199)
Summary Apache HTTP Server has security vulnerabilities that allows a remote attacker to exploit the application. Respective security vulnerabilities are discussed in detail in the subsequent sections. Vulnerability Details This section includes the vulnerability details that affects the Rational...
Important: httpd24
Issue Overview: In Apache HTTP server by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 modhttp2 connections. CVE-2018-17189 A bug exists in the way modss...
KLA12364 Multiple vulnerabilities in Apache HTTP Server
Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to spoof user interface, cause denial of service. Below is a complete list of vulnerabilities: 1. Security UI vulnerability in modsessioncookie can be exploited to spoof user interface. 2...
Security Bulletin: Vulnerabilities CVE-2018-17199, CVE-2018-17189, and CVE-2019-0190 in the IBM i HTTP Server affect IBM i.
Summary HTTP Server is supported by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-0190 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by the improper handling of client negotiations by modssl. By sending a specially crafted...
DEBIAN-CVE-2019-0190
A bug exists in the way modssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause modssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or...
CVE-2019-0190
A bug exists in the way modssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause modssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or...
CVE-2019-0190
A bug exists in the way modssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause modssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or...
CVE-2019-0190
Apache HTTP Server mod_ssl denial of service (CVE-2019-0190) occurs when renegotiations are mishandled with OpenSSL 1.1.1+, causing a loop and potential DoS. According to ALAS-2019-1166 and related advisories, the fix is to upgrade to Apache httpd 2.4.38 (mod_ssl 2.4.38) or newer; affected compon...
CVE-2019-0190
A bug exists in the way modssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause modssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or...
Security fix for the ALT Linux 10 package apache2 version 1:2.4.38-alt1
Jan. 25, 2019 Anton Farygin 1:2.4.38-alt1 - 2.4.38 - fixes: important: modssl 2.4.37 remote DoS when used with OpenSSL 1.1.1. CVE-2019-0190 low: modsessioncookie does not respect expiry time. CVE-2018-17199 low: DoS for HTTP/2 connections via slow request bodies. CVE-2018-17189...
FreeBSD : Apache -- vulnerability (eb888ce5-1f19-11e9-be05-4c72b94353b5)
The Apache httpd Project reports : SECURITY: CVE-2018-17199 modsession: modsessioncookie does not respect expiry time allowing sessions to be reused. SECURITY: CVE-2019-0190 modssl: Fix infinite loop triggered by a client-initiated renegotiation in TLSv1.2 or earlier with OpenSSL 1.1.1 and later...
Apache 2.4.x < 2.4.38 Multiple Vulnerabilities
According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.38. It is, therefore, affected by multiple vulnerabilities: - A denial of service DoS vulnerability exists in HTTP/2 steam handling. An unauthenticated, remote attacker can exploit this issue, via...
Slackware 14.0 / 14.1 / 14.2 / current : httpd (SSA:2019-022-01)
New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2019-022-01. The text itself is copyright C Slackware Linux...
Apache -- vulnerability
The Apache httpd Project reports: SECURITY: CVE-2018-17199 modsession: modsessioncookie does not respect expiry time allowing sessions to be reused. SECURITY: CVE-2019-0190 modssl: Fix infinite loop triggered by a client-initiated renegotiation in TLSv1.2 or earlier with OpenSSL 1.1.1 and later. ...