RHEL 9 : httpd (RHSA-2024:4504)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4504 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modproxyuwsgi HTTP respon...

Critical Photon OS Security Update - PHSA-2024-4.0-0651

Updates of 'httpd' packages of Photon OS have been released...

Fedora 40 : httpd (2024-39f1a828ed)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-39f1a828ed advisory. - version update - security update Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...

httpd: CONTINUATION frames DoS

A vulnerability was found in how Apache httpd implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers,...

FreeBSD : Apache httpd -- source code disclosure (5d921a8c-3a43-11ef-b611-84a93843eb75)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 5d921a8c-3a43-11ef-b611-84a93843eb75 advisory. The Apache httpd project reports: isource code disclosure with handlers configured via AddType...

Slackware: Security Advisory (SSA:2024-185-02)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Apache httpd -- source code disclosure

The Apache httpd project reports: isource code disclosure with handlers configured via AddType CVE-2024-39884 Important. A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under so...

[slackware-security] httpd

New httpd packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/httpd-2.4.61-i586-1slack15.0.txz: Upgraded. This update contains the fix for the 2.4.60 regression, which has also been assigned a CVE...

Slackware: Security Advisory (SSA:2024-184-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Slackware Linux 15.0 / current httpd Vulnerability (SSA:2024-185-02)

The version of httpd installed on the remote host is prior to 2.4.61. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-185-02 advisory. New httpd packages are available for Slackware 15.0 and -current to fix a security issue. Tenable has extracted the preceding...

[slackware-security] httpd

New httpd packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/httpd-2.4.60-i586-2slack15.0.txz: Rebuilt. This update is to fix a regression and to note security issues that were not listed in the...

httpd:2.4/httpd security update

An update is available for module.modmd, module.modhttp2, modhttp2, modmd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd packages provide the Apache...

RLSA-2024:4197 Moderate: httpd:2.4/httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd:2.4: httpd: HTTP response splitting CVE-2023-38709 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

Slackware Linux 15.0 / current httpd Multiple Vulnerabilities (SSA:2024-184-01)

The version of httpd installed on the remote host is prior to 2.4.60. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-184-01 advisory. New httpd packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the preceding...

FreeBSD : Apache httpd -- Multiple vulnerabilities (d7efc2ad-37af-11ef-b611-84a93843eb75)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the d7efc2ad-37af-11ef-b611-84a93843eb75 advisory. The Apache httpd project reports: DoS by Null pointer in websocket over HTTP/2 CVE-2024-36387...

AlmaLinux 8 : httpd:2.4/httpd (ALSA-2024:4197)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:4197 advisory. httpd:2.4: httpd: HTTP response splitting CVE-2023-38709 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. Note...

Rocky Linux 8 : httpd:2.4/httpd (RLSA-2024:4197)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:4197 advisory. httpd:2.4: httpd: HTTP response splitting CVE-2023-38709 Tenable has extracted the preceding description block directly from the Rocky Linux security advisory...

AZL-43089 CVE-2024-36387 affecting package httpd for versions less than 2.4.61-1

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance...

Moderate: Red Hat Security Advisory: httpd:2.4/httpd security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Moderate: httpd:2.4/httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd:2.4: httpd: HTTP response splitting CVE-2023-38709 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...