Medium: curl

Issue Overview: This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this b...

Amazon Linux 2 : curl (ALAS-2024-2531)

The version of curl installed on the remote host is prior to 8.3.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2531 advisory. This flaw allows a malicious HTTP server to set super cookies in curl that are then passed back to more origins than what is otherwise...

Ubuntu: Security Advisory (USN-6729-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Medium: httpd

Issue Overview: Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58. CVE-2023-38709 HTTP Response splitting in multiple modules in Apache HTTP Server allows an...

Moderate: mod_jk and mod_proxy_cluster security update

The modjk module is a plugin for the Apache HTTP Server to connect it with the Apache Tomcat servlet engine. The modproxycluster module is a plugin for the Apache HTTP Server that provides load-balancer functionality. Security Fixes: httpd: Apache Tomcat Connectors modjk Information Disclosure...

Moderate: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modmacro: out-of-bounds read vulnerability CVE-2023-31122 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

RHEL 9 : mod_http2 (RHSA-2024:2368)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2368 advisory. The modhttp2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd:...

ALSA-2024:2387 Moderate: mod_jk and mod_proxy_cluster security update

The modjk module is a plugin for the Apache HTTP Server to connect it with the Apache Tomcat servlet engine. The modproxycluster module is a plugin for the Apache HTTP Server that provides load-balancer functionality. Security Fixes: httpd: Apache Tomcat Connectors modjk Information Disclosure...

ALSA-2024:2278 Moderate: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modmacro: out-of-bounds read vulnerability CVE-2023-31122 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

USN-6729-3: Apache HTTP Server vulnerabilities

USN-6729-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue ...

Fedora 40 : llhttp / python-aiohttp (2024-2f15e6e876)

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-2f15e6e876 advisory. Update llhttp to 9.2.1, fixing CVE-2024-27982. Backport llhttp 9.2.1 support to python-aiohttp 3.9.3. Tenable has extracted the preceding description block...

Ubuntu 24.04 LTS. : Apache HTTP Server vulnerabilities (USN-6729-3)

The remote Ubuntu 24.04 LTS. host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6729-3 advisory. USN-6729-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding updates for Ubuntu 24.04 LTS. Tenable has extracted the...

Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2024-606)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-606 advisory. This flaw allows a malicious HTTP server to set super cookies in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then...

Fedora 40 : httpd (2024-937be154d8)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-937be154d8 advisory. This update includes httpd version 2.4.59, fixing various security issues and bugs. See https://downloads.apache.org/httpd/CHANGES2.4.59 for complet...

Fedora 40 : nodejs20 (2024-2ffe03eaa6)

"The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-2ffe03eaa6 advisory. 2024-04-03, Version 20.12.1 'Iron' LTS, @RafaelGSS This is a security release Notable Changes CVE-2024-27983 - Assertion failed in...

ROS-20240425-01

Vulnerability of Apache HTTP Server web server in the part of HTTP/2 protocol implementation is related to uncontrolled resource consumption due to incorrect header termination detection during CONTINUATION frame processing. CONTINUATION frames. Exploitation of the vulnerability could allow an...

ROS-20240423-01

Apache HTTP Server vulnerability is related to blocking HTTP/2 connection processing if it was opened with 0 initial sliding window size. was opened with the initial sliding window size set to 0. Exploitation of the vulnerability could Allow an attacker acting remotely to cause a denial of servic...

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server, which is used by IBM WebSphere Application Server in IBM Rational ClearQuest (CVE-2024-24795, CVE-2023-38709)

Summary IBM HTTP Server is used by IBM WebSphere Application Server WAS in IBM Rational ClearQuest server and web components. Information about security vulnerability affecting IBM HTTP Server used by WAS has been published in a security bulletin. Vulnerability Details Refer to the security...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1543)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 Security Update : nodejs14 (SUSE-SU-2024:1355-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1355-1 advisory. - CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::Http2Session that could lead to HTTP/2 server crash bsc12222...