5781 matches found
httpd: mod_http2 concurrent pool usage
A flaw was found in Apache httpd in versions 2.4.20 to 2.4.43. Logging using the wrong pool by mod_http2 at debug/trace log level may lead to potential crashes and denial of service. The highest threat from this vulnerability is to system availability...
httpd: mod_proxy_uwsgi buffer overflow
A flaw was found in Apache httpd in versions 2.4.32 to 2.4.46. The uwsgi protocol does not serialize more than 16K of HTTP header leading to resource exhaustion and denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabilit...
RHEL 6 / 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP5 (RHSA-2020:4384)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4384 advisory. This release adds the new Apache HTTP Server 2.4.37 Service Pack 5 packages that are part of the JBoss Core Services offering. This...
CVE-2020-26561
Belkin LINKSYS WRT160NL 1.0.04.002US20130619 devices have a stack-based buffer overflow vulnerability because of sprintf in create_dir in mini_httpd. Successful exploitation leads to arbitrary code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintai...
PT-2020-16458 · Acme +1 · Mini Httpd +1
Name of the Vulnerable Software and Affected Versions: Belkin LINKSYS WRT160NL version 1.0.04.002 US 20130619. Description: The issue is a stack-based buffer overflow due to the use of sprintf in the create_dir function of mini_httpd. This can lead to arbitrary code execution if successfully...
Scientific Linux Security Update : httpd on SL7.x x86_64 (20201001)
Security Fixes: - httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications (CVE-2018-1283) - httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS (CVE-2018-1303) - httpd: mod_rewrite configurations vulnerabl...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2020-2224)
The remote host is missing an update for the Huawei EulerOS... SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only
CentOS 7 : httpd (RHSA-2020:3958)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3958 advisory. - In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching onl...
CVE-2020-17409
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmware 1.0.66. Authentication is not required to exploit this vulnerability. The specific flaw exists...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2020-2175)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2020-2165)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP9 : httpd (EulerOS-SA-2020-2175)
According to the version of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash wh...
CVE-1999-0236 affecting package httpd 2.4.46-3
CVE-1999-0236 affecting package httpd 2.4.46-3. A patched version of the package is available...
CVE-1999-1412 affecting package httpd 2.4.46-3
CVE-1999-1412 affecting package httpd 2.4.46-3. A patched version of the package is available...
vulhub
This is a Docker Compose file for a vulnerability environment. It is a collection of services that can be used to test and demonstrate various types of vulnerabilities. The file is written in YAML format and defines the services, their ports, and the networks they use. The file contains several...
httpd security, bug fix, and enhancement update
2.4.6-95.0.1 - replace index.html with Oracle's index page oracleindex.html 2.4.6-95 - Resolves: 1823262 - CVE-2020-1934 httpd: mod_proxy_ftp use of uninitialized value 2.4.6-94 - Resolves: 1565491 - CVE-2017-15715 httpd: bypass with a trailing newline in the file name - Resolves: 1747283 -...
DEBIAN-CVE-2020-25623
Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used...
UBUNTU-CVE-2020-25623
Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used...
httpd: mod_rewrite potential open redirect
A vulnerability was discovered in Apache httpd, in mod_rewrite. Certain self-referential mod_rewrite rules could be fooled by encoded newlines, causing them to redirect to an unexpected location. An attacker could abuse this flaw in a phishing attack or as part of a client-side attack on browsers...
Moderate: Red Hat Security Advisory: httpd security, bug fix, and enhancement update
An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...