CBL Mariner 2.0 Security Update: httpd (CVE-2024-38473)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-38473 advisory. - Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect...

OESA-2024-1847 mod_http2 security update

Modhttp2 is an official Apache httpd module, first released in 2.4.17. See Apache downloads to get a released version. modproxyhttp2 has been released in 2.4.23. Security Fixes: Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a...

Slackware: Security Advisory (SSA:2024-200-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[slackware-security] httpd

New httpd packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/httpd-2.4.62-i586-1slack15.0.txz: Upgraded. This release contains security fixes and improvements. The first CVE is for Windows, but th...

CVE-2024-36387 affecting package httpd for versions less than 2.4.61-1

CVE-2024-36387 affecting package httpd for versions less than 2.4.61-1. An upgraded version of the package is available that resolves this issue...

CVE-2024-39884 affecting package httpd for versions less than 2.4.61-1

CVE-2024-39884 affecting package httpd for versions less than 2.4.61-1. An upgraded version of the package is available that resolves this issue...

CVE-2024-38473 affecting package httpd for versions less than 2.4.61-1

CVE-2024-38473 affecting package httpd for versions less than 2.4.61-1. An upgraded version of the package is available that resolves this issue...

AZL-43414 CVE-2024-40725 affecting package httpd for versions less than 2.4.62-1

A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local...

Slackware Linux 15.0 / current httpd Multiple Vulnerabilities (SSA:2024-200-01)

The version of httpd installed on the remote host is prior to 2.4.62. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-200-01 advisory. New httpd packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the preceding...

Apache httpd -- Source code disclosure with handlers configured via AddType

The Apache httpd project reports: source code disclosure with handlers configured via AddType CVE-2024-40725 Important: A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-1963)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-1886)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP9 : httpd (EulerOS-SA-2024-1936)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.CVE-2023-38709...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-1910)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-1936)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP9 : httpd (EulerOS-SA-2024-1963)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.CVE-2023-38709...

EulerOS 2.0 SP10 : httpd (EulerOS-SA-2024-1910)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.CVE-2023-38709 HTT...

EulerOS 2.0 SP10 : httpd (EulerOS-SA-2024-1886)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.CVE-2023-38709 HTT...

Critical Photon OS Security Update - PHSA-2024-3.0-0771

Updates of 'emacs', 'httpd' packages of Photon OS have been released...

Moderate: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...