CBL Mariner 2.0 Security Update: httpd (CVE-2023-27522)
The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-27522 advisory. - HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP...
CBL Mariner 2.0 Security Update: httpd (CVE-2009-1890)
The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2009-1890 advisory. - The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3,...
Fedora: Security Advisory for httpd (FEDORA-2023-7df48f618b)
The remote host is missing an update for the...
[SECURITY] Fedora 36 Update: httpd-2.4.56-1.fc36
The Apache HTTP Server is a powerful, efficient, and extensible web server...
SUSE SLES15: apache2 / apache2-devel / apache2-doc / apache2-prefork / etc (SUSE-SU-2023:1573-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1573-1 advisory. - CVE-2023-27522: Fixed HTTP response splitting in mod_proxy_uwsgi (bsc#1209049). - CVE-2023-25690: Fixed HTTP request splitting with...
Fedora 36 : httpd (2023-7df48f618b)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-7df48f618b advisory. - new version 2.4.56 - security update for CVE-2023-27522 and CVE-2023-25690 Tenable has extracted the preceding description block directly from the...
Debian: Security Advisory (DSA-5376-1)
The remote host is missing an update for the Debian...
Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2023-136)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-136 advisory. Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form...
USN-5942-2: Apache HTTP Server vulnerability
USN-5942-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding update for CVE-2023-25690 for Ubuntu 16.04 ESM. Original advisory details: Lars Krapf discovered that the Apache HTTP Server mod_proxy module incorrectly handled certain configurations. A remote attacker...
K000133098: Apache vulnerability CVE-2023-25690
Security Advisory Description Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches...
Ubuntu 16.04 ESM : Apache HTTP Server vulnerability (USN-5942-2)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5942-2 advisory. USN-5942-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding update for CVE-2023-25690 for Ubuntu 16.04 ESM. Tenable has extract...
Important: httpd
Issue Overview: Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion o...
Important: httpd
Issue Overview: A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. CVE-2006-20001 Inconsistent...
Zyxel Unauthenticated LAN Remote Code Execution Exploit
This Metasploit module exploits a buffer overflow in the zhttpd binary /bin/zhttpd. It is present on more than 40 Zyxel routers and CPE devices. The code execution vulnerability can only be exploited by an attacker if the zhttp webserver is reachable. No authentication is required. After...
Amazon Linux AMI : httpd24 (ALAS-2023-1711)
The version of httpd24 installed on the remote host is prior to 2.4.56-1.100. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1711 advisory. A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory...
SUSE SLES12: apache2 / apache2-doc / apache2-example-pages / apache2-prefork / etc (SUSE-SU-2023:0803-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0803-1 advisory. - CVE-2023-25690: Fixed HTTP request splitting with mod_rewrite and mod_proxy (bsc#1209047). Tenable has extracted the preceding description bloc...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2023-25690)
Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...
Important: httpd
Issue Overview: Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion o...
Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2023-115)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-115 advisory. A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to cras...
Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2023-072)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-072 advisory. There's a null pointer dereference and server-side request forgery flaw in httpd's mod_proxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the...