RLSA-2024:1786 Important: httpd:2.4/mod_http2 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_http2: CONTINUATION frames DoS (CVE-2024-27316). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
httpd:2.4/mod_http2 security update
An update is available for httpd, mod_md, mod_http2, module.mod_md, module.mod_http2, module.httpd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The httpd package...
Oracle Linux 9 : mod_http2 (ELSA-2024-2368)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-2368 advisory. 2.0.26-1 - Resolves: RHEL-14691 - mod_http2 rebase to 2.0.26. Tenable has extracted the preceding description block directly from the Oracle Linux securi...
Oracle Linux 9 : httpd (ELSA-2024-2278)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-2278 advisory. - Resolves: RHEL-14447 - httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122). Tenable has extracted the preceding description block directly from th...
[SECURITY] Fedora 38 Update: httpd-2.4.59-2.fc38
The Apache HTTP Server is a powerful, efficient, and extensible web server...
GHSA-VPW3-3PRF-3974 Apache Hive Code Injection vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver client is running. The malicious user must have...
Apache Hive Code Injection vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver client is running. The malicious user must have...
CVE-2023-35701
Summary (CVE-2023-35701): The issue is an improper control of code generation (code injection) in the Apache Hive JDBC driver component. It can allow an attacker with sufficient JDBC URL permissions to trigger arbitrary commands on the machine running the JDBC client, by serving a malicious HTT...
CVE-2023-35701 Apache Hive: Arbitrary command execution via JDBC driver
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver client is running. The malicious user must have...
CVE-2023-27360
NETGEAR RAX30 lighttpd Misconfiguration Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
CVE-2023-27360 NETGEAR RAX30 lighttpd Misconfiguration Remote Code Execution Vulnerability
NETGEAR RAX30 lighttpd Misconfiguration Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
CVE-2023-27360
CVE-2023-27360 affects NETGEAR RAX30 and involves a misconfiguration in the lighttpd HTTP server. The flaw permits network-adjacent attackers to execute arbitrary code with root privileges by exploiting file execution from untrusted sources. No authentication is required. Documented by ZDI-23-496...
[SECURITY] Fedora 39 Update: httpd-2.4.59-2.fc39
The Apache HTTP Server is a powerful, efficient, and extensible web server...
Medium: httpd
Issue Overview: Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58. (CVE-2023-38709) HTTP Response splitting in multiple modules in Apache HTTP Server allows an...
The vulnerability of the Web Listener component of the Oracle HTTP Server allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Web Listener component of the Oracle HTTP Server is related to insufficient protection of operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP network protocol...
Fedora 39 : httpd (2024-d0dccd6b96)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-d0dccd6b96 advisory. This update includes httpd version 2.4.59, fixing various security issues and bugs. See https://downloads.apache.org/httpd/CHANGES_2.4.59 for complet...
Moderate: Red Hat Security Advisory: mod_jk and mod_proxy_cluster security update
An update for mod_jk and mod_proxy_cluster is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Moderate: Red Hat Security Advisory: httpd security update
An update for httpd is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...