CVE-2023-43885

Missing error handling in the HTTP server component of Tenda RX9 Pro Firmware V22.03.02.20 allows authenticated attackers to arbitrarily lock the device...

CVE-2023-43885

CVE-2023-43885 affects the Tenda RX9 Pro router (Firmware V22.03.02.20) through the HTTP server component. The root cause is missing error handling in the HTTP server, enabling authenticated attackers to arbitrarily lock the device. The vulnerability is assessed with a CVSSv3.1 base score of 8.1 ...

Rocky Linux 8 : httpd:2.4 (RLSA-2022:1049)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1049 advisory. - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP...

Rocky Linux 9 : java-1.8.0-openjdk (RLSA-2022:7007)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7007 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are...

Rocky Linux 8 : httpd:2.4 (RLSA-2022:7647)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7647 advisory. - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Serve...

CVE-2023-43886

The CVE-2023-43886 issue affects the Tenda RX9 Pro router (v22.03.02.20). A buffer overflow in the HTTP server component (due to improper validation of incoming data length/size) could allow an authenticated attacker to overwrite memory (potentially enabling arbitrary code execution or DoS as des...

Fedora 37 : httpd (2023-3d1bf0ee44)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-3d1bf0ee44 advisory. New version 2.4.58 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

Fedora 39 : httpd (2023-606f830772)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-606f830772 advisory. New version 2.4.58 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

ALSA-2023:6403 Moderate: httpd and mod_http2 security, bug fix, and enhancement update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: httpd 2.4.57. BZ2184403 Security Fixes: httpd: modproxyuwsgi HTTP response splitting CVE-2023-27522 For more details about th...

Rocky Linux 8 : httpd:2.4 (RLSA-2022:0258)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:0258 advisory. - A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not...

RHEL 9 : httpd and mod_http2 (RHSA-2023:6403)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6403 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a...

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server (CVE-2023-31122)

Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

Rocky Linux 8 : httpd:2.4 (RLSA-2021:3816)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:3816 advisory. - In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow CVE-2021-26691 -...

Rocky Linux 8 : httpd:2.4 (RLSA-2022:1915)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:1915 advisory. - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in modauthdigest. There is no report of this...

Rocky Linux 9 : python3.9 (RLSA-2022:8353)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:8353 advisory. - In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may...

Rocky Linux 8 : httpd:2.4 (RLSA-2021:4257)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4257 advisory. - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by modsession can cause a NULL pointer dereference and crash,...

Rocky Linux 8 : httpd:2.4 (RLSA-2021:1809)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:1809 advisory. - In Apache HTTP Server 2.4 release 2.4.37 and prior, modsession checks the session expiry time before decoding the session. This causes session expiry...

Rocky Linux 8 : httpd:2.4 (RLSA-2022:0891)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0891 advisory. - Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. CVE-2021-34798 -...

Rocky Linux 8 : httpd:2.4 (RLSA-2020:4751)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4751 advisory. - In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request...

Fedora: Security Advisory (FEDORA-2023-606f830772)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...