Critical Photon OS Security Update - PHSA-2021-4.0-0118

Updates of 'httpd' packages of Photon OS have been released...

Critical Photon OS Security Update - PHSA-2021-0406

Updates of 'httpd', 'libgd' packages of Photon OS have been released...

Critical Photon OS Security Update - PHSA-2021-0444

Updates of 'httpd' packages of Photon OS have been released...

Amazon Linux 2 : httpd (ALAS-2021-1716)

The version of httpd installed on the remote host is prior to 2.4.51-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1716 advisory. A NULL pointer dereference was found in Apache httpd modh2. The highest threat from this flaw is to system integrity...

CVE-2021-41773 affecting package httpd 2.4.49-1

CVE-2021-41773 affecting package httpd 2.4.49-1. An upgraded version of the package is available that resolves this issue...

CVE-2019-17567 affecting package httpd 2.4.46-6

CVE-2019-17567 affecting package httpd 2.4.46-6. An upgraded version of the package is available that resolves this issue...

CVE-2021-34798 affecting package httpd 2.4.46-6

CVE-2021-34798 affecting package httpd 2.4.46-6. An upgraded version of the package is available that resolves this issue...

CVE-2017-1000118 affecting package httpd 2.4.46-3

CVE-2017-1000118 affecting package httpd 2.4.46-3. An upgraded version of the package is available that resolves this issue...

CVE-2021-39275 affecting package httpd 2.4.46-6

CVE-2021-39275 affecting package httpd 2.4.46-6. An upgraded version of the package is available that resolves this issue...

CVE-2021-36160 affecting package httpd 2.4.46-6

CVE-2021-36160 affecting package httpd 2.4.46-6. An upgraded version of the package is available that resolves this issue...

CVE-2021-41524 affecting package httpd 2.4.49-1

CVE-2021-41524 affecting package httpd 2.4.49-1. An upgraded version of the package is available that resolves this issue...

CVE-2021-40438 affecting package httpd 2.4.46-6

CVE-2021-40438 affecting package httpd 2.4.46-6. An upgraded version of the package is available that resolves this issue...

Oracle Linux 7 : httpd (ELSA-2021-3856)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-3856 advisory. 2.4.6-97.0.1.1 - replace index.html with Oracle's index page oracleindex.html 2.4.6-97.1 - Resolves: 2011729 - CVE-2021-40438 httpd: modproxy: SSRF via a crafte...

Important: httpd

Issue Overview: A NULL pointer dereference was found in Apache httpd modh2. The highest threat from this flaw is to system integrity. CVE-2021-33193 A NULL pointer dereference in httpd allows an unauthenticated remote attacker to crash httpd by providing malformed HTTP requests. The highest threa...

RHEL 7 : httpd (RHSA-2021:3856)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3856 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modproxy: SSRF via a...

Important: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat...

httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:"

A Server-Side Request Forgery SSRF flaw was found in modproxy of httpd. This flaw allows a remote, unauthenticated attacker to make the httpd server forward requests to an arbitrary server. The attacker could get, modify, or delete resources on other services that may be behind a firewall and...

httpd security update

2.4.6-97.0.1.1 - replace index.html with Oracle's index page oracleindex.html 2.4.6-97.1 - Resolves: 2011729 - CVE-2021-40438 httpd: modproxy: SSRF via a crafted request uri-path containing 'unix:'...

Oracle Linux 8 : httpd:2.4 (ELSA-2021-3816)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-3816 advisory. - Resolves: 2007234 - CVE-2021-40438 httpd:2.4/httpd: modproxy: SSRF via a crafted request uri-path Tenable has extracted the preceding description blo...

httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:"

A Server-Side Request Forgery SSRF flaw was found in modproxy of httpd. This flaw allows a remote, unauthenticated attacker to make the httpd server forward requests to an arbitrary server. The attacker could get, modify, or delete resources on other services that may be behind a firewall and...