Important: httpd
Issue Overview: A flaw was found in Apache httpd. The mod_proxy_wstunnel module tunnels non-upgraded connections. (CVE-2019-17567) Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows (CVE-2020-13938) A flaw was found in Apache httpd. The mod_proxy has a NULL...
AZL-6474 CVE-2020-13950 affecting package httpd for versions less than 2.4.46-10
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service...
AZL-6477 CVE-2021-26691 affecting package httpd for versions less than 2.4.46-10
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow...
Apache httpd -- Multiple vulnerabilities
The Apache httpd reports: moderate: mod_proxy_wstunnel tunneling of non Upgraded connections (CVE-2019-17567) moderate: Improper Handling of Insufficient Privileges (CVE-2020-13938) low: mod_proxy_http NULL pointer dereference (CVE-2020-13950) low: mod_auth_digest possible stack overflow by one nul byte...
CVE-2021-30641
A flaw was found in Apache httpd. A possible regression from an earlier security fix broke behavior of MergeSlashes. The highest threat from this vulnerability is to data integrity. Mitigation: This issue can be mitigated by setting the "MergeSlashes" directive to OFF...
CVE-2019-17567
A flaw was found in Apache httpd. The mod_proxy_wstunnel module tunnels non-upgraded connections. Mitigation: Only configurations which use mod_proxy_wstunnel are affected by this flaw. It is also safe to comment-out the "LoadModule proxy_wstunnel_module ... " line in...
CVE-2021-26691
A heap overflow flaw was found in Apache httpd mod_session. The highest threat from this vulnerability is to system availability. Mitigation: Only configurations which use the "SessionEnv" directive, which is not widely used, are vulnerable to this flaw. SessionEnv is not enabled in default...
Slackware 14.0 / 14.1 / 14.2 / current : httpd (SSA:2021-158-01)
New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2021-158-01. The text itself is copyrig...
[slackware-security] httpd
New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/httpd-2.4.48-i586-1slack14.2.txz: Upgraded. This release contains security fixes and improvements. mod_http2: Fix a potenti...
CVE-2021-26690
A NULL pointer dereference was found in Apache httpd mod_session. The highest threat from this vulnerability is to system availability. Mitigation: Only configurations which use the "SessionEnv" directive, which is not widely used, are vulnerable to this flaw. SessionEnv is not enabled in default...
CVE-2020-35452
A flaw was found in Apache httpd. The mod_auth_digest has a single zero byte stack overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation: Only configurations which use mod_auth_digest are affected by this flaw. Also as...
CVE-2021-31618
A null pointer de-reference was found in the way httpd handled specially crafted HTTP/2 request. A remote attacker could use this flaw to crash the httpd child process, causing temporary denial of service...
PT-2021-9681 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.0 through 2.4.46 Description: The issue allows unprivileged local users to stop the httpd service on Windows. This was discovered by Ivan Zhakov. Recommendations: For Apache HTTP Server versions 2.4.0 through...
httpd:2.4 security, bug fix, and enhancement update
httpd 2.4.37-39.0.1 - Set vstring per ORACLESUPPORTPRODUCT Orabug: 29892262 - Replace index.html with Oracles index page oracleindex.html 2.4.37-39 - prevent htcacheclean from while break when first file processed 2.4.37-38 - Resolves: 1918741 - Thousands of /tmp/modproxy.tmp. files created by...
RHEL 8 : httpd:2.4 (RHSA-2021:1809)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1809 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_session_cookie...
CentOS 8 : httpd:2.4 (CESA-2021:1809)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:1809 advisory. - httpd: mod_session_cookie does not respect expiry time (CVE-2018-17199) - httpd: mod_proxy_uwsgi buffer overflow (CVE-2020-11984) - httpd: mod_http2 concurren...
httpd: mod_proxy_uwsgi buffer overflow
A flaw was found in Apache httpd in versions 2.4.32 to 2.4.46. The uwsgi protocol does not serialize more than 16K of HTTP header leading to resource exhaustion and denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabilit...
Moderate: Red Hat Security Advisory: httpd:2.4 security, bug fix, and enhancement update
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Moderate: httpd:2.4 security, bug fix, and enhancement update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_session_cookie does not respect expiry time (CVE-2018-17199) httpd: mod_proxy_uwsgi buffer overflow (CVE-2020-11984) httpd: mod_http2 concurrent pool usage (CVE-2020-11993) For mor...
httpd:2.4 security, bug fix, and enhancement update
An update is available for httpd, mod_http2, mod_md. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The httpd packages provide the Apache HTTP Server, a powerful,...