Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-2271)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP11 : httpd (EulerOS-SA-2023-2271)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affect...

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server, a component of IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Network Manager (CVE-2019-0220)

Summary IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager version 3.9 & 4.1.1; IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager version 4.2. Information about a security vulnerability affecting IBM HTTP Server, a component of IBM...

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server, a component of IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Netcool Configuration Manager (CVE-2019-0211, CVE-2019-0220)

Summary IBM WebSphere Application Server is shipped with IBM Tivoli Netcool Configuration Manager version 6.4.1; IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM HTTP Server,...

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager (CVE-2017-15710, CVE-2017-15715, CVE-2018-1301).

Summary IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager IP Edition versions 3.9 and 4.1.1; IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager IP Edition version 4.2. Information about a security vulnerability affecting IBM HTTP Server...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Network Manager IP Edition (CVE-2017-12613).

Summary IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager IP Edition versions 3.9 and 4.1.1; IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager IP Edition version 4.2. Information about a security vulnerability affecting IBM HTTP Server...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Network Manager IP Edition.

Summary IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager IP Edition versions 3.9 and 4.1.1; IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager IP Edition version 4.2. Information about a security vulnerability affecting IBM HTTP Server...

Cesanta Mongoose Web Server < 7.10 Improper Input Validation Vulnerability

Cesanta Mongoose Web Server is prone to an improper input validation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

PT-2023-9025

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions through 2.4.58 Description The issue is related to faulty input validation in the core of Apache, allowing malicious or exploitable backend/content generators to split HTTP responses. This can be exploited by a remo...

RLSA-2023:3147 Important: apr-util security update

The Apache Portable Runtime APR is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Security Fixes: apr-util:...

CVE-2023-34188

The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other requests...

CVE-2023-34188

The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other requests...

CVE-2023-34188

The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other requests...

CVE-2023-34188

CVE-2023-34188 affects the Mongoose HTTP server prior to 7.10. The issue arises when the server processes requests with negative Content-Length headers, causing an infinite loop as the payload is reparsed and preventing handling of other requests. Remediation is to upgrade to 7.10 or later (as ci...

CVE-2023-34188

The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other requests...

Security Bulletin: Vulnerability in Apache HTTP Server ( CVE-2023-25690 ) affects Power HMC

Summary Apache HTTP Server is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE's. Vulnerability Details CVEID:CVE-2023-25690 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request splitting attacks, caused by an error when modproxy is enabled along with...

Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2022-36760 and CVE-2022-37436 ) affects Power HMC

Summary Apache HTTP Server is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE's. Vulnerability Details CVEID:CVE-2022-36760 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request smuggling, caused by an inconsistent interpretation of HTTP Requests...

HTTP Fetch, Linux Command Shell, Bind TCP Random Port Inline

Fetch and execute a x86 payload from an HTTP server. Listen for a connection in a random port and spawn a command shell. Use nmap to discover the open port: 'nmap -sS target -p-'. Module Options msf use payload/cmd/linux/http/x86/shellbindtcprandomport msf payloadshellbindtcprandomport show actio...

HTTP Fetch, Linux Command Shell, Reverse TCP Stager (IPv6)

Fetch and execute a x86 payload from an HTTP server. Spawn a command shell staged. Connect back to attacker over IPv6 Module Options msf use payload/cmd/linux/http/x86/shell/reverseipv6tcp msf payloadreverseipv6tcp show actions ...actions... msf payloadreverseipv6tcp set ACTION msf...

HTTP Fetch, Linux Command Shell, Find Port Inline

Fetch and execute a x86 payload from an HTTP server. Spawn a shell on an established connection Module Options msf use payload/cmd/linux/http/x86/shellfindport msf payloadshellfindport show actions ...actions... msf payloadshellfindport set ACTION msf payloadshellfindport show options ...show and...