RHEL 5 : apr-util,_httpd (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - apr-util, httpd: Billion laughs attack regression CVE-2016-6312 Note that Nessus has not tested for this issue but...

httpd security update

An update is available for httpd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd packages provide the Apache HTTP Server, a powerful, efficient, and...

RLSA-2024:2564 Moderate: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: modhttp2: httpd: CONTINUATION frames DoS CVE-2024-27316 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

RLSA-2024:2278 Moderate: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modmacro: out-of-bounds read vulnerability CVE-2023-31122 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

F5 Networks BIG-IP : Apache httpd vulnerability (K000139447)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139447 advisory. - HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious...

CVE-2021-34982

NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The...

CVE-2021-34982

NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The...

CVE-2021-34983

NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit...

CVE-2021-34983 NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability

NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit...

CVE-2021-34983

NETGEAR multiple routers are affected by a pre-authentication httpd limitation that allows network-adjacent attackers to disclose sensitive information and potentially stored credentials. Root cause: lack of authentication before access to system configuration via the httpd service (port 80). The...

CVE-2021-34983 NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability

NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit...

CVE-2021-34982 NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability

NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The...

CVE-2021-34982

The CVE-2021-34982 entry describes a pre-auth, remote code execution vulnerability in the httpd service of NETGEAR routers. The flaw is a stack-based buffer overflow caused by unchecked length of user-supplied data in the strings file, leading to code execution with root privileges when a network...

httpd: CONTINUATION frames DoS

A vulnerability was found in how Apache httpd implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers,...

CVE-2023-38709 affecting package httpd for versions less than 2.4.59-1

CVE-2023-38709 affecting package httpd for versions less than 2.4.59-1. An upgraded version of the package is available that resolves this issue...

CVE-2024-27316 affecting package httpd for versions less than 2.4.59-1

CVE-2024-27316 affecting package httpd for versions less than 2.4.59-1. An upgraded version of the package is available that resolves this issue...

CVE-2024-24795 affecting package httpd for versions less than 2.4.59-1

CVE-2024-24795 affecting package httpd for versions less than 2.4.59-1. An upgraded version of the package is available that resolves this issue...

httpd:2.4/mod_http2 security update

An update is available for httpd, modmd, modhttp2, module.modmd, module.modhttp2, module.httpd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd package...

RLSA-2024:1786 Important: httpd:2.4/mod_http2 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modhttp2: CONTINUATION frames DoS CVE-2024-27316 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

CVE-2023-50224

TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability...