11634 matches found
ROS-20240815-16
Vulnerability in authentication and authorization module for Apache 2.x HTTP server Modauthopenidc is related to an uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a denial of service...
F5 Networks BIG-IP : Apache HTTP server vulnerability (K000140693)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000140693 advisory. Potential SSRF in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules ...
Important: httpd
Issue Overview: A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosu...
GraphQL Vulnerabilities and Common Attacks: Seen in the Wild
In our previous blog, we provided an overview of GraphQL security, along with details and examples of common attacks. Building on that foundation, this blog will take a closer look at real-world examples of GraphQL attacks that have recently occurred. We will explore the methods used by attackers...
Moderate: Red Hat Security Advisory: mod_auth_openidc:2.3 security update
An update for the modauthopenidc:2.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
K000140693: Apache HTTP server vulnerability CVE-2024-39573
Security Advisory Description Potential SSRF in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by modproxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue. CVE-2024-39573...
httpd: Potential SSRF in mod_rewrite
A flaw was found in the modrewrite module of httpd. A potential SSRF allows an attacker to cause unsafe rules used in the RewriteRule directive to unexpectedly set up URLs to be handled by the modproxy module...
Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP5 security update
Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 5 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP5 security update
Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 5 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: mod_auth_openidc:2.3 security update
The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: DoS when using OIDCSessionType client-cookie and manipulating...
ALSA-2024:5289 Moderate: mod_auth_openidc:2.3 security update
The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: DoS when using OIDCSessionType client-cookie and manipulating...
RHEL 7 / 8 : Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP5 (RHSA-2024:5239)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:5239 advisory. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP...
Important: httpd:2.4 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Security issues via?backend applications whose response headers are malicious or exploitable CVE-2024-38476 For more details about the security issues, including the impact,...
ALSA-2024:5193 Important: httpd:2.4 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Security issues via?backend applications whose response headers are malicious or exploitable CVE-2024-38476 For more details about the security issues, including the impact,...
ROS-20240812-15
Apache HTTP Server kernel vulnerability is related to ignoring outdated configuration of the of handlers by the "AddType" function. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information. remotely to disclose protected information Vulnerability...
CVE-2024-42367 In aiohttp, compressed files as symlinks are not protected from path traversal
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...
httpd: Security issues via backend applications whose response headers are malicious or exploitable
A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery SSRF or local script execution...
K000140618: Apache HTTPD vulnerability CVE-2024-38476
Security Advisory Description Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60,...
Important: httpd security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Security issues via?backend applications whose response headers are malicious or exploitable CVE-2024-38476 For more details about the security issues, including the impact,...
ALSA-2024:5138 Important: httpd security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Security issues via?backend applications whose response headers are malicious or exploitable CVE-2024-38476 For more details about the security issues, including the impact,...