CVE-2020-28005
httpd on TP-Link TL-WPA4220 devices hardware versions 2 through 4 allows remote authenticated users to trigger a buffer overflow causing a denial of service by sending a POST request to the /admin/syslog endpoint. Fixed version: TL-WPA4220(EU)_V4_201023...
Design/Logic Flaw
httpd on TP-Link TL-WPA4220 devices versions 2 through 4 allows remote authenticated users to execute arbitrary OS commands by sending crafted POST requests to the endpoint /admin/powerline. Fixed version: TL-WPA4220(EU)_V4_201023...
CVE-2020-24297
CVE-2020-24297 affects TP-Link TL-WPA4220 devices (versions 2–4). The httpd component exposes /admin/powerline to remote authenticated users, allowing execution of arbitrary OS commands via crafted POST requests. The fixed release is TL-WPA4220(EU)_V4_201023. Connected sources (Red Hat, CNVD, NVD...
Security Bulletin: Vulnerability in HTTPD affects IBM Integrated Analytics System
Summary: Red Hat provided HTTPD is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2017-15715 DESCRIPTION: Apache HTTPD could allow a remote attacker to bypass security restrictions, caused by the FilesMatch...
Security Bulletin: Vulnerability in HTTPD affects IBM Integrated Analytics System
Summary: Red Hat provided HTTPD is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2018-1303 DESCRIPTION: Apache HTTPD is vulnerable to a denial of service, caused by an out-of-bounds memory read error in...
Oracle Linux 8 : httpd:2.4 (ELSA-2020-4751)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4751 advisory. - Resolves: 1823263 CVE-2020-1934 - CVE-2020-1934 httpd: mod_proxy_ftp use of uninitialized value - Resolves: 1823259 - CVE-2020-1927 httpd:2.4/httpd:...
Apache Httpd < 2.4.48 : mod_auth_digest possible stack overflow by one nul byte
Apache HTTP Server versions 2.4.0 to 2.4.46: A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make i...
Security Bulletin: Vulnerability in httpd affects IBM Integrated Analytics System
Summary: Red Hat provided httpd is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2017-15710 DESCRIPTION: Apache HTTPD is vulnerable to a denial of service, caused by an out-of-bounds memory write error. By...
Security Bulletin: Vulnerability in HTTPD affects IBM Integrated Analytics System
Summary: Red Hat provided HTTPD package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2018-1283 DESCRIPTION: Apache HTTPD could allow a remote attacker to bypass security restrictions, caused by an erro...
Security Bulletin: Vulnerability in HTTPD affects IBM Integrated Analytics System
Summary: Red Hat provided HTTPD package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2018-1301 DESCRIPTION: Apache HTTPD is vulnerable to a denial of service, caused by an out-of-bounds access error...
httpd:2.4 security, bug fix, and enhancement update
httpd 2.4.37-13.0.1 - Set vstring per ORACLESUPPORTPRODUCT Orabug: 29892262 - Replace index.html with Oracles index page oracleindex.html 2.4.37-30 - Resolves: 1209162 - support logging to journald from CustomLog 2.4.37-29 - Resolves: 1823263 CVE-2020-1934 - CVE-2020-1934 httpd: mod_proxy_ftp use o...
CVE-2007-0086 affecting package httpd 2.4.46-3
CVE-2007-0086 affecting package httpd 2.4.46-3. A patched version of the package is available...
httpd: mod_proxy_ftp use of uninitialized value
A flaw was found in Apache's HTTP server (httpd). The mod_proxy_ftp module may use uninitialized memory when proxying to a malicious FTP server. The highest threat from this vulnerability is to data confidentiality...
httpd: null-pointer dereference in mod_remoteip
A vulnerability was discovered in Apache httpd, in mod_remoteip. A trusted proxy using the "PROXY" protocol could send specially crafted headers that can cause httpd to experience a stack buffer overflow or NULL pointer dereference, leading to a crash or other potential consequences. This issue...
Moderate: Red Hat Security Advisory: httpd:2.4 security, bug fix, and enhancement update
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
RHEL 8 : httpd:2.4 (RHSA-2020:4751)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4751 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgrad...
RLSA-2020:4751 Moderate: httpd:2.4 security, bug fix, and enhancement update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: mod_http2 1.15.7. BZ1814236 Security Fixes: httpd: memory corruption on early pushes CVE-2019-10081 httpd: read-after-free in ...
httpd:2.4 security, bug fix, and enhancement update
An update is available for mod_md. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and...
CVE-2020-25680
A flaw was found in JBCS httpd in version 2.4.37 SP3, where it uses a back-end worker SSL certificate with the keystore file's ID is 'unknown'. The validation of the certificate whether CN and hostname are matching stopped working and allow connecting to the back-end work. The highest threat from...