215 matches found
SUSE SLED12 / SLES12 Security Update : apache2 (SUSE-SU-2021:2006-1)
The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2006-1 advisory. - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest...
CVE-2021-31618
Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions an HTTP response is sent to the client with a status code indicating...
Null pointer dereference
Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions an HTTP response is sent to the client with a status code indicating...
CVE-2021-31618 NULL pointer dereference on specially crafted HTTP/2 request
Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions an HTTP response is sent to the client with a status code indicating...
[ASA-202106-23] apache: denial of service
Arch Linux Security Advisory ASA-202106-23. Severity: High. Date: 2021-06-09. CVE-ID: CVE-2021-31618. Package: apache. Type: denial of service. Remote: Yes. Link: https://security.archlinux.org/AVG-2041. Summary: The package apache before version...
PT-2021-3858 · Apache +9 · Apache Http Server +9
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.17 through 2.4.48 Description: A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue is related to...
Apache Httpd < 2.4.48 : NULL pointer dereference on specially crafted HTTP/2 request
Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions an HTTP response is sent to the client with a status code indicating...
PT-2021-2443
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 8.5.0 through 8.5.61 Apache Tomcat versions 9.0.0.M1 through 9.0.41 Apache Tomcat versions 10.0.0-M1 through 10.0.0 Description: The issue is related to the implementation of the HTTP/2 protocol in Apache Tomcat, which...
MGASA-2020-0397 Updated tomcat packages fix a security vulnerability
If an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than t...
Apache Tomcat 10.0.0-M1 < 10.0.0-M8 Information Disclosure
The version of Apache Tomcat installed on the remote host is 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57. It is, therefore, affected by a vulnerability. If an HTTP/2 client exceeds the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2...
Debian: Security Advisory (DLA-2407-1)
The remote host is missing an update for the Debian...
Apache Tomcat 9.0.0.M1 < 9.0.38
The version of Tomcat installed on the remote host is prior to 9.0.38. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_9.0.38_security-9 advisory. - If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57...
CVE-2020-13943
If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that connection could...
Fixed in Apache Tomcat 8.5.58
Moderate: HTTP/2 request mix-up CVE-2020-13943 If an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo...
EulerOS Virtualization for ARM 64 3.0.3.0 : haproxy (EulerOS-SA-2019-2329)
According to the versions of the haproxy package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing...
CVE-2019-10079
Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn't limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions...