[SECURITY] Fedora 38 Update: mod_http2-2.0.25-1.fc38

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers...

Fedora 38 : httpd (2023-de4eba8d86)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-de4eba8d86 advisory. New version 2.4.58 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

CVE-2023-31122

A flaw was found in the modmacro module of httpd. When processing a very long macro, the null byte terminator will not be added, leading to an out-of-bounds read, resulting in a crash. Mitigation Disabling modmacro and restarting httpd or making sure the macros used are smaller than the required...

CVE-2023-43622

A flaw was found in the modhttp2 module of httpd. This flaw allows an attacker opening an HTTP/2 connection with an initial window size of 0 to block handling of that connection indefinitely. This vulnerability can exhaust worker resources in the server, similar to the well-known "slow loris"...

Slackware: Security Advisory (SSA:2023-292-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current httpd Multiple Vulnerabilities (SSA:2023-292-01)

The version of httpd installed on the remote host is prior to 2.4.58. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-292-01 advisory. - modmacro buffer over-read: Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTT...

CVE-2023-3991

An OS command injection vulnerability exists in the httpd iperfrun.cgi functionality of FreshTomato 2023.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2023-35965

Two heap-based buffer overflow vulnerabilities exist in the httpd managepost functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is...

CVE-2023-35966

Two heap-based buffer overflow vulnerabilities exist in the httpd managepost functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is...

CVE-2023-32645

A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability...

CVE-2023-35055

A buffer overflow vulnerability exists in the httpd nextpage functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the nextpage parameter in the...

CVE-2023-34346

A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.020221108. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability...

CVE-2023-34426

A stack-based buffer overflow vulnerability exists in the httpd managerequest functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability...

CVE-2023-35056

A buffer overflow vulnerability exists in the httpd nextpage functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the nextpage parameter in the...

CVE-2023-31272

A stack-based buffer overflow vulnerability exists in the httpd dowds functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability...

CVE-2023-24479

An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability...

Stack overflow

A stack-based buffer overflow vulnerability exists in the httpd managerequest functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability...

Buffer overflow

A buffer overflow vulnerability exists in the httpd nextpage functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the nextpage parameter in the...

Authentication flaw

An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability...

Heap overflow

Two heap-based buffer overflow vulnerabilities exist in the httpd managepost functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is...