Fixed in Apache Tomcat 10.0.0-M8

Moderate: HTTP/2 request mix-up CVE-2020-13943 If an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo...

Important: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Oracle Linux 8 : httpd:2.4 (ELSA-2020-3714)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-3714 advisory. modhttp2 1.11.3-3.1 - Resolves: 1869072 - CVE-2020-9490 httpd:2.4/modhttp2: httpd: Push diary crash on specifically crafted HTTP/2 header Tenable has extracted...

Important: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Apache 2.4.x < 2.4.46 Multiple Vulnerabilities

According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.46. It is, therefore, affected by multiple vulnerabilities: - modproxyuwsgi info disclosure and possible remote code execution CVE-2020-11984 - When trace/debug was enabled for the HTTP/2 module and on...

SUSE SLES12 Security Update : apache2 (SUSE-SU-2020:2450-1)

This update for apache2 fixes the following issues : CVE-2020-9490: Fixed a crash caused by a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request bsc1175071. CVE-2020-11985: IP address spoofing when proxying using modremoteip and modrewrite bsc1175072. CVE-2020-11993: When...

Debian DSA-4757-1 : apache2 - security update

Several vulnerabilities have been found in the Apache HTTPD server. - CVE-2020-1927 Fabrice Perez reported that certain modrewrite configurations are prone to an open redirect. - CVE-2020-1934 Chamal De Silva discovered that the modproxyftp module uses uninitialized memory when proxying to a...

[SECURITY] [DSA 4757-1] apache2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4757-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 31, 2020 https://www.debian.org/security/faq -...

Low: httpd24

Issue Overview: No CVE associated with this advisory Affected Packages: httpd24 Issue Correction: Run yum update httpd24 or yum update --advisory ALAS-2020-1418 to update your system. New Packages: i686: mod24proxyhtml-2.4.46-1.90.amzn1.i686 httpd24-tools-2.4.46-1.90.amzn1.i686 ...

openSUSE Security Update : apache2 (openSUSE-2020-1293)

This update for apache2 fixes the following issues : - CVE-2020-9490: Fixed a crash caused by a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request bsc1175071. - CVE-2020-11984: Fixed an information disclosure bug in modproxyuwsgi bsc1175074. - CVE-2020-11993: When trace/deb...

openSUSE Security Update : apache2 (openSUSE-2020-1285)

This update for apache2 fixes the following issues : - CVE-2020-9490: Fixed a crash caused by a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request bsc1175071. - CVE-2020-11984: Fixed an information disclosure bug in modproxyuwsgi bsc1175074. - CVE-2020-11993: When trace/deb...

Huawei EulerOS: Security Advisory for nghttp2 (EulerOS-SA-2020-1911)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for haproxy (EulerOS-SA-2020-1904)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux AMI : httpd24 (ALAS-2020-1418)

The version of httpd24 installed on the remote host is prior to 2.4.46-1.90. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1418 advisory. 2024-10-09: CVE-2020-11984 was removed from this advisory. 2024-10-09: CVE-2020-9490 was removed from this advisory. 2024-10-09:...

Security update for apache2 (moderate)

openSUSE Security Update: Security update for apache2 Announcement ID: openSUSE-SU-2020:1293-1 Rating: moderate References: 1175070 1175071 1175074 Cross-References: CVE-2020-11984 CVE-2020-11993 CVE-2020-9490 Affected Products: openSUSE Leap 15.1 An update that fixes three vulnerabilities is now...

OPENSUSE-SU-2020:1285-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2020-9490: Fixed a crash caused by a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request bsc1175071. - CVE-2020-11984: Fixed an information disclosure bug in modproxyuwsgi bsc1175074. - CVE-2020-11993: When trace/debu...

Security update for apache2 (moderate)

openSUSE Security Update: Security update for apache2 Announcement ID: openSUSE-SU-2020:1285-1 Rating: moderate References: 1174052 1175070 1175071 1175074 Cross-References: CVE-2020-11984 CVE-2020-11993 CVE-2020-9490 Affected Products: openSUSE Leap 15.2 An update that solves three vulnerabiliti...

EulerOS Virtualization for ARM 64 3.0.6.0 : haproxy (EulerOS-SA-2020-1904)

According to the versions of the haproxy package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return CR, ASCII 0x...

EulerOS Virtualization for ARM 64 3.0.6.0 : nghttp2 (EulerOS-SA-2020-1911)

According to the version of the nghttp2 package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of...

EulerOS 2.0 SP8 : httpd (EulerOS-SA-2020-1854)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging...