57 matches found
MiracleLinux 8 : httpd:2.4 (AXSA:2022-3552:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3552:01 advisory. httpd: Request splitting via HTTP/2 method injection and modproxy CVE-2021-33193 httpd: modproxyuwsgi: out-of-bounds read via a crafted request...
MiracleLinux 7 : httpd24-httpd-2.4.34-23.el7.5 (AXSA:2022-3871:03)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3871:03 advisory. httpd: modsed: Read/write beyond bounds CVE-2022-23943 httpd: Request splitting via HTTP/2 method injection and modproxy CVE-2021-33193 httpd: NULL...
Oracle Linux 8 : httpd:2.4 (ELSA-2024-3121)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3121 advisory. - Resolves: RHEL-14448 - httpd: modmacro: out-of-bounds read vulnerability CVE-2023-31122 - Resolves: RHEL-29817 - httpd:2.4/modhttp2: httpd:...
httpd:2.4 security update
httpd 2.4.37-64.0.1 - Replace index.html with Oracle's index page oracleindex.html 2.4.37-64 - Resolves: RHEL-14448 - httpd: modmacro: out-of-bounds read vulnerability CVE-2023-31122 2.4.37-63 - modxml2enc: fix media type handling Resolves: RHEL-14321 modhttp2 1.15.7-10 - Resolves: RHEL-29817 -...
RHEL 7 : httpd (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - httpd: modproxy: X-Forwarded-For dropped by hop-by-hop mechanism CVE-2022-31813 - Apache HTTP Server...
Advisory ROSA-SA-2023-2159
Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: 2.4.37 CVE-ID: CVE-2006-20001 BDU-ID: 2023-01105 CVE-Crit: HIGH CVE-DESC: A vulnerability in the moddav module of the Apache HTTP Server web server is related to an operation exceeding buffer boundaries. Exploitation of the...
Debian dla-3351 : apache2 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3351 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3351-1 [email protected]...
Debian: Security Advisory (DLA-3351-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3351-1] apache2 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3351-1 [email protected] https://www.debian.org/lts/security/ Lee Garrett March 03, 2023 https://wiki.debian.org/LTS -...
K94828628: Apache mod_proxy HTTP/2 vulnerability CVE-2021-33193
Security Advisory Description A crafted method sent through HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48. CVE-2021-33193 Impact There is no impact; F5 products are not...
Security Bulletin: IBM Aspera Orchestrator affected by HTTP request splitting attack due to Apache HTTP Server vulnerability (CVE-2021-33193)
Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2021-33193 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request splitting attacks, caused by improper input validation in HTTP/2 message processing. A remote attacker...
Security Bulletin: Vulnerabilities in Apache HTTP (CVE-2021-33193 and CVE-2021-44224) affects Power HMC
Summary Apache HTTP webserver is used by IBM Power Hardware Management Console HMC for accepting https request and transfer to and fro to internal applications. This bulletin provides a remediation for the impacted vulnerabilities, CVE-2021-33193 and CVE-2021-44224 by upgrading IBM Power Hardware...
httpd:2.4 security update
httpd 2.4.37-51.0.1 - Set vstring per ORACLESUPPORTPRODUCT Orabug: 29892262 - Replace index.html with Oracles index page oracleindex.html 2.4.37-51 - Resolves: 2097015 - CVE-2022-28614 httpd:2.4/httpd: out-of-bounds read via aprwrite - Resolves: 2097031 - CVE-2022-28615 httpd:2.4/httpd:...
Moderate: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update
An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links...
Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update
An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link...
Moderate: Red Hat Security Advisory: httpd24-httpd security and bug fix update
An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Ubuntu: Security Advisory (USN-5090-4)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 8 : httpd:2.4 (ELSA-2022-1915)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-1915 advisory. - Resolves: 2035030 - CVE-2021-44224 httpd:2.4/httpd: possible NULL dereference or SSRF in forward proxy configurations Tenable has extracted the...
AlmaLinux 8 : httpd:2.4 (ALSA-2022:1915)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:1915 advisory. httpd: Request splitting via HTTP/2 method injection and modproxy CVE-2021-33193 httpd: modproxyuwsgi: out-of-bounds read via a crafted request uri-path...
RHEL 8 : httpd:2.4 (RHSA-2022:1915)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1915 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Request splittin...