11634 matches found

IBM Security Bulletins
added 2024/07/29 2:30 p.m. · 179 views

Security Bulletin: IBM HTTP Server is vulnerable to multiple vulnerabilities due to the included Apache HTTP Server

Summary: There are multiple vulnerabilities in the IBM HTTP Server, which is used by IBM WebSphere Application Server, due to the included Apache HTTP Server. Vulnerability Details: CVEID: CVE-2024-38472 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by improper...

9.8 CVSS · 10 AI score · 0.99957 EPSS
Exploits: 3 · Affected Software: 1

Positive Technologies
added 2024/07/29 12:0 a.m. · 4 views

PT-2024-10732 · Undefined · Undefined

"Source": "CVE FEED", "Title": "CVE-2019-19761 - "CVE-2021-38776: IBM HTTP Server Information Disclosure"", "Content": "CVE ID : CVE-2019-19761 Published : July 29, 2024, 8:15 p.m. | 38 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering...

7 AI score
Exploits: 0 · References: 2

Positive Technologies
added 2024/07/29 12:0 a.m. · 3 views

PT-2024-10605 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns a remote code execution problem. No specific details about the number of potentially affected devices or real-world incidents are provided. Recommendations: At...

8 AI score
Exploits: 0 · References: 2

Positive Technologies
added 2024/07/29 12:0 a.m. · 7 views

PT-2024-10730 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns a Cross-Site Scripting XSS problem. No specific details about affected devices, real-world incidents, or technical exploitation details are provided...

6.1 AI score
Exploits: 0 · References: 2

Positive Technologies
added 2024/07/29 12:0 a.m. · 4 views

PT-2024-5828 · Twisted +4 · Twisted +4

Name of the Vulnerable Software and Affected Versions: Twisted versions prior to 24.7.0rc1 Description: The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This issue is related to the incorrect...

9 CVSS · 8.6 AI score · 0.01755 EPSS
Exploits: 3 · References: 72

Tenable Nessus
added 2024/07/29 12:0 a.m. · 79 views

macOS 14.x < 14.6 Multiple Vulnerabilities (HT214119)

The remote host is running a version of macOS / Mac OS X that is 14.x prior to 14.6. It is, therefore, affected by multiple vulnerabilities: - A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks. CVE-2023-27952 -...

9.8 CVSS · 7.7 AI score · 0.99506 EPSS
Exploits: 76 · References: 70

Redos
added 2024/07/29 12:0 a.m. · 43 views

ROS-20240729-17

Vulnerability in the mod_rewrite module of Apache HTTP Server is related to insufficient checking of incoming requests. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to the device by forging requests on behalf of the server...

9.1 CVSS · 6.8 AI score · 0.01536 EPSS
Exploits: 5

Fedora
added 2024/07/27 1:49 p.m. · 28 views

[SECURITY] Fedora 39 Update: darkhttpd-1.16-1.fc39

darkhttpd is a secure, lightweight, fast and single-threaded HTTP/1.1 server. Features: Simple to set up: Single binary, no other files. Standalone, doesn't need inetd or ucspi-tcp. No messing around with config files. Written in C - efficient and portable. Small memory footprint. Event loop,...

9.8 CVSS · 6.7 AI score · 0.01055 EPSS
Exploits: 0

Tenable Nessus
added 2024/07/27 12:0 a.m. · 42 views

CBL Mariner 2.0 Security Update: httpd (CVE-2024-40725)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-40725 advisory. - A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy...

6.2 CVSS · 7 AI score · 0.04134 EPSS
Exploits: 3 · References: 2

Tenable Nessus
added 2024/07/27 12:0 a.m. · 44 views

CBL Mariner 2.0 Security Update: httpd (CVE-2024-40898)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-40898 advisory. - SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTM...

9.1 CVSS · 6.8 AI score · 0.01536 EPSS
Exploits: 5 · References: 2

GithubExploit
added 2024/07/26 7:59 p.m. · 320 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

CVE-2021-44228 Analysis How does it work? Below is a deta...

10 CVSS · 9.8 AI score · 0.99999 EPSS
Exploits: 347

OSV
added 2024/07/26 2:26 p.m. · 4 views

CLSA-2024-1722003981 httpd: Fix of 5 CVEs

CVE-2024-38474: mod_rewrite: server weakness with encoded question marks in backreferences - CVE-2024-38475: mod_rewrite: server weakness in mod_rewrite when first segment of substitution matches filesystem path - CVE-2024-38477: mod_proxy: crash resulting in Denial of Service in mod_proxy via a...

9.8 CVSS · 7 AI score · 0.99957 EPSS
Exploits: 1 · References: 1

IBM Security Bulletins
added 2024/07/26 1:14 p.m. · 43 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server (CVE-2024-40898, CVE-2024-40725)

Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

9.1 CVSS · 6.5 AI score · 0.04134 EPSS
Exploits: 5 · Affected Software: 1

IBM Security Bulletins
added 2024/07/26 1:13 p.m. · 79 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server.

Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

9.8 CVSS · 9.1 AI score · 0.99957 EPSS
Exploits: 3 · Affected Software: 1

Microsoft CVE
added 2024/07/26 7:0 a.m. · 8 views

Apache HTTP Server: source code disclosure with handlers configured via AddType

...

5.3 CVSS · 6.9 AI score · 0.04134 EPSS
Exploits: 3

Redos
added 2024/07/26 12:0 a.m. · 43 views

ROS-20240726-05

Apache HTTP Server web server vulnerability is related to failure to take measures to handle CRLF sequences in HTTP headers. Exploitation of the vulnerability could allow an attacker acting remotely to perform HTTP response splitting attacks. Apache HTTP Server vulnerability is related ...

7.3 CVSS · 6.7 AI score · 0.03914 EPSS
Exploits: 0

RedHat Linux
added 2024/07/25 8:34 a.m. · 2 views

httpd: NULL pointer dereference in mod_proxy

A flaw was found in the mod_proxy module of httpd. A NULL pointer dereference can be triggered when processing a specially crafted HTTP request, causing the httpd server to crash, and resulting in a denial of service...

7.5 CVSS · 7 AI score · 0.03153 EPSS
Exploits: 0 · References: 5

VulnCheck KEV
added 2024/07/25 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2023-25690

Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...

9.8 CVSS · 6.8 AI score · 0.8377 EPSS
Exploits: 5 · References: 1

BDU FSTEC
added 2024/07/25 12:0 a.m. · 5 views

The vulnerability of the uh_tcp_recv_header() function in the HTTP-server of the microprogramming-based Wi-Fi extension devices from Actiontec, WCB6200Q, allows a hacker to execute arbitrary code.

The vulnerability of the uh_tcp_recv_header function in the HTTP-server of the microprogrammed Wi-Fi extension software from Actiontec WCB6200Q involves copying buffers without checking the size of the input data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

8.8 CVSS · 8 AI score · 0.01119 EPSS
Exploits: 0 · References: 2

Tenable Nessus
added 2024/07/25 12:0 a.m. · 39 views

RHEL 9 : httpd (RHSA-2024:4863)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4863 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Substitution...

9.8 CVSS · 8.2 AI score · 0.99957 EPSS
Exploits: 1 · References: 8