AZL-39997 CVE-2024-24795 affecting package httpd for versions less than 2.4.61-1

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue...

CVE-2024-24795

A flaw was found in httpd. An HTTP response splitting in multiple httpd modules may allow an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Mitigation Mitigation for this issue is either not available or the currently...

CVE-2023-38709

A flaw was found in httpd. The response headers are not sanitized before an HTTP response is sent when a malicious backend can insert a Content-Type, Content-Encoding, or some other headers, resulting in an HTTP response splitting. Mitigation Mitigation for this issue is either not available or t...

[slackware-security] httpd

New httpd packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/httpd-2.4.59-i586-1slack15.0.txz: Upgraded. This update fixes security issues: HTTP/2 DoS by memory exhaustion on endless continuation...

Slackware Linux 15.0 / current httpd Multiple Vulnerabilities (SSA:2024-095-01)

The version of httpd installed on the remote host is prior to 2.4.59. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-095-01 advisory. - Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP...

Apache httpd -- multiple vulnerabilities

The Apache httpd project reports: HTTP/2 DoS by memory exhaustion on endless continuation frames HTTP Response Splitting in multiple modules...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-1428)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-1400)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.11.1 : httpd (EulerOS-SA-2024-1400)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57...

httpd: mod_macro: out-of-bounds read vulnerability

A flaw was found in the modmacro module of httpd. When processing a very long macro, the null byte terminator will not be added, leading to an out-of-bounds read, resulting in a crash...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-1359)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-1380)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP8 : httpd (EulerOS-SA-2024-1273)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. CVE-2023-31122 - When a...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-1273)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

BIT-APACHE-2021-44790 Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier

A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier...

CentOS 9 : httpd-2.4.53-11.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the httpd-2.4.53-11.el9 build changelog. - out-of-bounds read/write of zero byte CVE-2006-20001 - Possible request smuggling CVE-2022-36760 - HTTP response splitting CVE-2022-37436...

CentOS 9 : httpd-2.4.57-2.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the httpd-2.4.57-2.el9 build changelog. - HTTP request splitting with modrewrite and modproxy CVE-2023-25690 Note that Nessus has not tested for this issue but has instead relied only on th...

CVE-2024-26342

A Null pointer dereference in usr/sbin/httpd in ASUS AC68U 3.0.0.4.384.82230 allows remote attackers to trigger DoS via network packet...

Null pointer dereference

A Null pointer dereference in usr/sbin/httpd in ASUS AC68U 3.0.0.4.384.82230 allows remote attackers to trigger DoS via network packet...

PT-2024-21362 · Asus · Asus Ac68U

Name of the Vulnerable Software and Affected Versions: ASUS AC68U version 3.0.0.4.384.82230 Description: A Null pointer dereference in usr/sbin/httpd allows remote attackers to trigger a denial of service DoS via a network packet. This issue can be exploited to cause a disruption in service...