11634 matches found

Tenable Nessus
added 2024/08/08 12:0 a.m., 44 views

RHEL 9 : httpd (RHSA-2024:5138)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:5138 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Security issues via backe...

CVSS: 9.8, AI score: 7.4, EPSS: 0.41611
Exploits: 0, References: 4

Redos
added 2024/08/08 12:0 a.m., 16 views

ROS-20240808-03

A vulnerability in the HTTP server of the Node.js software platform is related to uncontrolled resource consumption as a result of reading an unlimited number of bytes from a single connection while processing HTTP requests...

CVSS: 7.5, AI score: 6.9, EPSS: 0.03168
Exploits: 0

Redos
added 2024/08/06 12:0 a.m., 20 views

ROS-20240806-10

A vulnerability in the HTTP2 handler component of the Apache HTTP Server web server is related to the ability to generate a stream of requests within an established network connection, without...

CVSS: 5.9, AI score: 6.8, EPSS: 0.03024
Exploits: 1

Tenable Nessus
added 2024/08/06 12:0 a.m., 40 views

RHEL 9 : httpd (RHSA-2024:5001)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:5001 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Encoding problem...

CVSS: 8.1, AI score: 7.2, EPSS: 0.35447
Exploits: 1, References: 7

Tenable Nessus
added 2024/08/06 12:0 a.m., 73 views

Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2024-681)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-681 advisory. A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. AddType and similar configuration, under some...

CVSS: 6.2, AI score: 6.9, EPSS: 0.04134
Exploits: 3, References: 4

Amazon
added 2024/08/06 12:0 a.m., 51 views

Important: httpd

Issue Overview: A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosu...

CVSS: 6.2, AI score: 7, EPSS: 0.04134
Exploits: 3

OpenVAS
added 2024/08/06 12:0 a.m., 42 views

Fedora: Security Advisory (FEDORA-2024-e7e73befad)

The remote host is missing an update for the...

CVSS: 9.8, AI score: 8.4, EPSS: 0.99957
Exploits: 2, References: 10

OpenVAS
added 2024/08/06 12:0 a.m., 17 views

Fedora: Security Advisory (FEDORA-2024-de08df1535)

The remote host is missing an update for the...

CVSS: 5.3, AI score: 5.8, EPSS: 0.04134
Exploits: 3, References: 2

F5 Networks
added 2024/08/05 8:45 a.m., 41 views

K000140579: Apache vulnerability CVE-2024-39884

Security Advisory Description: A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of...

CVSS: 6.2, AI score: 6.4, EPSS: 0.00889
Exploits: 0

GithubExploit
added 2024/08/03 4:8 p.m., 1530 views

Exploit for Server-Side Request Forgery in Apache Http_Server

It is an offensive tool for web applications. The repository app...

CVSS: 7.5, AI score: 6.9, EPSS: 0.6795
Exploits: 1

IBM Security Bulletins
added 2024/08/03 1:5 p.m., 52 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2024-40898, CVE-2024-40725)

Summary: WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...

CVSS: 9.1, AI score: 6.7, EPSS: 0.04134
Exploits: 5, Affected Software: 2

Redos
added 2024/08/02 12:0 a.m., 42 views

ROS-20240801-01

A vulnerability in the mod_rewrite function of Apache HTTP Server is related to access control weaknesses. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVSS: 9.1, AI score: 8, EPSS: 0.99957
Exploits: 1

RedHat Linux
added 2024/07/31 2:59 p.m., 2 views

httpd: Substitution encoding issue in mod_rewrite

A flaw was found in the mod_rewrite module of httpd. Due to a substitution encoding issue, specially crafted requests may allow an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be execut...

CVSS: 9.8, AI score: 7.1, EPSS: 0.02456
Exploits: 0, References: 5

Tenable Nessus
added 2024/07/31 12:0 a.m., 36 views

RHEL 7 : httpd (RHSA-2024:4938)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4938 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Substitution...

CVSS: 9.8, AI score: 8.2, EPSS: 0.99957
Exploits: 1, References: 8

Github Security Blog
added 2024/07/29 4:33 p.m., 26 views

twisted.web has disordered HTTP pipeline response

Summary: The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. PoC: 0. Start a fresh Debian container: docker run --workdir /repro --rm -it debian:bookworm-slim 1. Install twisted and its dependencies...

CVSS: 8.3, AI score: 7.1, EPSS: 0.00856
Exploits: 0, References: 7, Affected Software: 1

OSV
added 2024/07/29 3:15 p.m., 6 views

AZL-47151 CVE-2024-41671 affecting package python-twisted for versions less than 22.10.0-3

Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1...

CVSS: 8.3, AI score: 7.4, EPSS: 0.00856
Exploits: 0, References: 1

CVE
added 2024/07/29 2:37 p.m., 104 views

CVE-2024-41671

Twisted.web’s HTTP 1.0/1.1 server could process pipelined requests out of order, leading to information disclosure. Affected component: Twisted (Twisted.web). Root cause: disordered handling of pipelined HTTP requests. Impact: potential information disclosure as described in CVE-2024-41671. Remed...

CVSS: 8.3, AI score: 8, EPSS: 0.00856
Exploits: 0, References: 5

AlpineLinux
added 2024/07/29 2:37 p.m., 17 views

CVE-2024-41671

Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1...

CVSS: 8.3, AI score: 6.9, EPSS: 0.00856
Exploits: 0

OSV
added 2024/07/29 2:37 p.m., 33 views

CVE-2024-41671 twisted.web has disordered HTTP pipeline response

Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1...

CVSS: 8.3, AI score: 8.1, EPSS: 0.01755
Exploits: 1, References: 7

IBM Security Bulletins
added 2024/07/29 2:36 p.m., 100 views

Security Bulletin: IBM HTTP Server is vulnerable to multiple vulnerabilities due to the included Apache HTTP Server (CVE-2024-40898, CVE-2024-40725)

Summary: There are multiple vulnerabilities in the IBM HTTP Server, which is used by IBM WebSphere Application Server, due to the included Apache HTTP Server. Vulnerability Details: CVEID: CVE-2024-40898 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by an error...

CVSS: 9.1, AI score: 7.1, EPSS: 0.04134
Exploits: 5, Affected Software: 1