113 matches found
[SECURITY] Fedora 27 Update: mod_http2-1.11.1-1.fc27
The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers...
[SECURITY] Fedora 28 Update: mod_http2-1.11.1-1.fc28
The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers...
[SECURITY] Fedora 27 Update: mod_http2-1.10.16-1.fc27
The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers...
Amazon Linux AMI : mod_dav_svn / subversion (ALAS-2016-676)
It was found that when an SVN server both svnserve and httpd with the moddavsvn module searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable for example, if it had been moved. CVE-2015-3187 An integer overflow wa...
Moderate: Red Hat Security Advisory: subversion security update
Updated subversion packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4
It was discovered that in httpd 2.4, the internal API function apsomeauthrequired could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied...
Amazon Linux AMI : httpd24 (ALAS-2015-579)
It was discovered that in httpd 2.4, the internal API function apsomeauthrequired could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied. CVE-2015-3185...
Medium: httpd24
Issue Overview: It was discovered that in httpd 2.4, the internal API function apsomeauthrequired could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied...
Debian DSA-3331-1 : subversion - security update
Several security issues have been found in the server components of the version control system subversion. - CVE-2015-3184 Subversion's modauthzsvn does not properly restrict anonymous access in some mixed anonymous/authenticated environments when using Apache httpd 2.4. The result is that...
Security update for php5 (important)
PHP was updated to fix three security issues. The following vulnerabilities were fixed: CVE-2015-3330: Specially crafted PHAR files could, when executed under Apache httpd 2.4 apache2handler, allow arbitrary code execution bnc928506 CVE-2015-3329: Specially crafted PHAR data could lead to...
Updated ocsinventory packages fix security vulnerability
Multiple cross-site scripting XSS vulnerabilities in the OCS Reports Web Interface in OCS Inventory NG allow remote attackers to inject arbitrary web script or HTML via unspecified vectors CVE-2014-4722. Also, the web interface has been fixed to work with Apache HTTPD 2.4...
Fedora 17 : BackupPC-3.2.1-10.fc17 (2012-20968)
cleanup build macros for Fedora - fix deprecated qw messages partial fix for bz 755076 - CVE-2011-5081 BackupPC: XSS flaw in RestoreFile.pm bz 795017, 795018, 795019 - Broken configuration for httpd 2.4 bz 871353 Note that Tenable Network Security has extracted the preceding description block...
Fedora 18 : awstats-7.0-11.fc18 (2012-18364)
added more hardening in parsing input data and adjusted awstats.conf for httpd-2.4 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...