CVE-2021-46228

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function httpddebug.asp. This vulnerability allows attackers to execute arbitrary commands via the time parameter...

Mageia: Security Advisory (MGASA-2014-0135)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Important: Red Hat Security Advisory: httpd24-httpd security update

An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

httpd: mod_lua: Possible buffer overflow when parsing multipart content

A buffer overflow flaw in httpd's lua module could allow an out-of-bounds write. An attacker who is able to submit a crafted request to an httpd instance that is using the lua module may be able to cause an impact to confidentiality, integrity, and/or availability...

Important: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CentOS: Security Advisory for httpd (CESA-2022:0143)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CentOS 7 : httpd (RHSA-2022:0143)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0143 advisory. - In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow CVE-2021-26691 ...

RHEL 8 : httpd:2.4 (RHSA-2022:0258)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0258 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modlua: Possible buffer...

CentOS 8 : httpd:2.4 (CESA-2022:0258)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2022:0258 advisory. - httpd: modlua: Possible buffer overflow when parsing multipart content CVE-2021-44790 Note that Nessus has not tested for this issue but has instead relied on...

Oracle Linux 8 : httpd:2.4 (ELSA-2022-0258)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-0258 advisory. - scoreboard: fix null pointer deference Orabug: 33690670CVE-2021-34798 - fix apescapequote logic Orabug: 33690686CVE-2021-39275 - Resolves: 2035062 -...

CVE-2021-34865

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the minihttpd service, which listens on TCP port 80 by default. The...

Important: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.2 Extended Update Support, and Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

httpd: mod_lua: Possible buffer overflow when parsing multipart content

A buffer overflow flaw in httpd's lua module could allow an out-of-bounds write. An attacker who is able to submit a crafted request to an httpd instance that is using the lua module may be able to cause an impact to confidentiality, integrity, and/or availability...

RLSA-2022:0258 Important: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modlua: Possible buffer overflow when parsing multipart content CVE-2021-44790 For more details about the security issues, including the impact, a CVSS score, acknowledgment...

ALSA-2022:0258 Important: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modlua: Possible buffer overflow when parsing multipart content CVE-2021-44790 For more details about the security issues, including the impact, a CVSS score, acknowledgment...

Important: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modlua: Possible buffer overflow when parsing multipart content CVE-2021-44790 For more details about the security issues, including the impact, a CVSS score, acknowledgment...

httpd:2.4 security update

An update is available for httpd, modhttp2, modmd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd packages provide the Apache HTTP Server, a powerful,...

httpd:2.4 security update

httpd 2.4.37-43.1.0.1 - scoreboard: fix null pointer deference Orabug: 33690670CVE-2021-34798 - fix apescapequote logic Orabug: 33690686CVE-2021-39275 - Set vstring per ORACLESUPPORTPRODUCT Orabug: 29892262 - Replace index.html with Oracle's index page oracleindex.html. 2.4.37-43.1 - Resolves:...

Important: httpd

Issue Overview: There's a null pointer dereference and server-side request forgery flaw in httpd's modproxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the adjacent network to the forward proxy that could cause a crash, or potentially SSRF via...

SUSE SLES15 Security Update : apache2 (SUSE-SU-2022:0119-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0119-1 advisory. - A crafted URI sent to httpd configured as a forward proxy ProxyRequests on can cause a crash NULL pointer dereference or, for...