httpd security update

2.4.6-97.0.3.1 - modsession: save one aprstrtok Orabug: 33338149CVE-2021-26690...

Clustered Data ONTAP Denial of Service Vulnerability

Clustered Data ONTAP is a proprietary operating system used by NetApp for storage disk arrays.A denial-of-service vulnerability exists in Clustered Data ONTAP. An attacker could exploit this vulnerability to cause the httpd server to crash...

The vulnerability of the httpd microprogramming software in NETGEAR Wi-Fi routers such as R6400, R6400v2, R6700v3, R6900P, R7000, R7000P, R7850, R7900P, R7960P, R8000, R8000P, RAX15, RAX20, RAX200, RAX35v2, RAX38v2, RAX40v2, RAX42, RAX43, RAX45, RAX48, RAX50, RAX50S, RAX75, RAX80, RAXE450, RAXE500, RS400, WNDR3400v3, WNR3500Lv2, D6220, D6400, and wireless repealers like EX6120, EX6130, EX7500, allows a perpetrator to execute arbitrary code.

The vulnerability of the httpd microprogramming software in NETGEAR Wi-Fi routers such as R6400, R6400v2, R6700v3, R6900P, R7000, R7000P, R7850, R7900P, R7960P, R8000, R8000P, RAX15, RAX20, RAX200, RAX35v2, RAX38v2, RAX40v2, RAX42, RAX43, RAX45, RAX48, RAX50, RAX50S, RAX75, RAX80, RAXE450, RAXE50...

CVE-2021-27005

Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, 9.8P7 and 9.9.1P3 are susceptible to a vulnerability which could allow a remote attacker to cause a crash of the httpd server...

CVE-2021-27005

CVE-2021-27005 affects NetApp Clustered Data ONTAP. Versions 9.6 and higher before 9.6P16, 9.7P16, 9.8P7 and 9.9.1P3 are vulnerable to a remote HTTPD crash (DoS). Root cause details are not fully disclosed in the provided documents, but multiple sources confirm a denial-of-service impact via the ...

CVE-2021-27005

Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, 9.8P7 and 9.9.1P3 are susceptible to a vulnerability which could allow a remote attacker to cause a crash of the httpd server...

NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. T...

NETGEAR 安全漏洞

NETGEAR is a router from the American company NETGEAR. A hardware device that connects two or more networks and acts as a gateway between networks. A security vulnerability exists in NETGEAR routers that could be exploited by a network neighbor attacker to execute arbitrary code on multiple...

NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. When...

PT-2021-4633 · NetGear · Netgear R6700 +29

Name of the Vulnerable Software and Affected Versions: NETGEAR R6400 versions R6400 through R6400v2 NETGEAR R6700 versions R6700v3 NETGEAR R6900P NETGEAR R7000 versions R7000 through R7000P NETGEAR R7850 NETGEAR R7900P NETGEAR R7960P NETGEAR R8000 versions R8000 through R8000P NETGEAR RAX15 NETGE...

F5 Networks BIG-IP : Apache HTTPD vulnerability (K72382141)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.7 / 16.1.4 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K72382141 advisory. - Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Serve...

NewStart CGSL CORE 5.05 / MAIN 5.05 : httpd Multiple Vulnerabilities (NS-SA-2021-0159)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has httpd packages installed that are affected by multiple vulnerabilities: - In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching onl...

Apache 2.4.49 / 2.4.50 Traversal / Remote Code Execution Exploit

This Metasploit module exploits an unauthenticated remote code execution vulnerability which exists in Apache version 2.4.49 CVE-2021-41773. If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be used to execute arbitrary...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2021-2586)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Apache 2.4.49 / 2.4.50 Traversal / Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache 2.4.49/2.4.50 Traversal RCE', 'Description' = %q This module exploit an unauthenticated RCE vulnerability which exists in Apache version...

CLSA-2021-1634922666 Fixed CVE-2021-39275 in httpd

CVE-2021-39275: apescapequotes algorithm which led to buffer overflow...

PT-2021-6149 · Tp Link · Tp-Link Tl-Wr940N

Name of the Vulnerable Software and Affected Versions: TP-Link TL-WR940N version 3.20.1 Build 200316 Rel.34392n 5553 Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N routers. Authentication is required to exploit th...

PT-2021-6150 · Tp Link · Tp-Link Tl-Wr940N

Name of the Vulnerable Software and Affected Versions: TP-Link TL-WR940N version 3.20.1 Build 200316 Rel.34392n 5553 Description: The issue results from the lack of proper access control within the httpd service, which listens on TCP port 80 by default. This allows network-adjacent attackers to...

Fedora: Security Advisory for httpd (FEDORA-2021-aaf90ef84a)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for httpd (FEDORA-2021-ae829e54ab)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...