5781 matches found
CVE-2024-42634
CVE-2024-42634 affects the Tenda AC9 router running v15.03.06.42. The vulnerability lies in the httpd binary’s function formWriteFacMac, enabling a command injection that allows an attacker to execute OS commands with root privileges. Impact is stated as full compromise of the device with root a...
Important: httpd
Issue Overview: A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosu...
F5 Networks BIG-IP : Apache HTTPD vulnerabilities (K000140620)
The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.6 / 17.1.2.2 / 17.5.0. It is, therefore, affected by multiple vulnerabilities as referenced in the K000140620 advisory. CVE-2024-38474: Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier...
CVE-2024-27316 affecting package httpd for versions less than 2.4.61-1
CVE-2024-27316 affecting package httpd for versions less than 2.4.61-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-38709 affecting package httpd for versions less than 2.4.61-1
CVE-2023-38709 affecting package httpd for versions less than 2.4.61-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-40725 affecting package httpd for versions less than 2.4.62-1
CVE-2024-40725 affecting package httpd for versions less than 2.4.62-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-36387 affecting package httpd for versions less than 2.4.61-1
CVE-2024-36387 affecting package httpd for versions less than 2.4.61-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-39884 affecting package httpd for versions less than 2.4.61-1
CVE-2024-39884 affecting package httpd for versions less than 2.4.61-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-38473 affecting package httpd for versions less than 2.4.61-1
CVE-2024-38473 affecting package httpd for versions less than 2.4.61-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-24795 affecting package httpd for versions less than 2.4.61-1
CVE-2024-24795 affecting package httpd for versions less than 2.4.61-1. An upgraded version of the package is available that resolves this issue...
Oracle Linux 8 : httpd:2.4 (ELSA-2024-5193)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-5193 advisory. - Resolves: RHEL-46040 - httpd:2.4/httpd: Security issues via backend applications whose response headers are malicious or exploitable CVE-2024-38476 - Resolves...
httpd: Improper escaping of output in mod_rewrite
A flaw was found in the mod_rewrite module of httpd. Improper escaping of output allows an attacker to map URLs to filesystem locations permitted to be served by the server but are not intentionally or directly reachable by any URL. This issue results in code execution or source code disclosure...
httpd: Security issues via backend applications whose response headers are malicious or exploitable
A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution...
httpd: Substitution encoding issue in mod_rewrite
A flaw was found in the mod_rewrite module of httpd. Due to a substitution encoding issue, specially crafted requests may allow an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be execut...
httpd: Security issues via backend applications whose response headers are malicious or exploitable
A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution...
httpd: Potential SSRF in mod_rewrite
A flaw was found in the mod_rewrite module of httpd. A potential SSRF allows an attacker to cause unsafe rules used in the RewriteRule directive to unexpectedly set up URLs to be handled by the mod_proxy module...
httpd:2.4 security update
httpd 2.4.37-65.2.0.1 - Replace index.html with Oracle's index page oracleindex.html 2.4.37-65.2 - Resolves: RHEL-46040 - httpd:2.4/httpd: Security issues via backend applications whose response headers are malicious or exploitable CVE-2024-38476 - Resolves: RHEL-53022 - Regression introduced by...
httpd: Security issues via backend applications whose response headers are malicious or exploitable
A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution...
Important: Red Hat Security Advisory: httpd:2.4 security update
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
ALSA-2024:5193 Important: httpd:2.4 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Security issues via backend applications whose response headers are malicious or exploitable (CVE-2024-38476). For more details about the security issues, including the impact,...