httpd: <FilesMatch> bypass with a trailing newline in the file name

In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2020-2103)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2020-2018)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 7 : httpd (RHSA-2020:3958)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3958 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Improper handlin...

httpd: Push diary crash on specifically crafted HTTP/2 header

A flaw was found in Apache httpd in versions prior to 2.4.46. A specially crafted Cache-Digest header triggers negative argument to memmove that could lead to a crash and denial of service. The highest threat from this vulnerability is to system availability...

Important: Red Hat Security Advisory: httpd24-httpd security update

An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

Important: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

RHEL 8 : httpd:2.4 (RHSA-2020:3734)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3734 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Push diary crash on...

Important: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

httpd:2.4 security update

modhttp2 1.11.3-3.1 - Resolves: 1869072 - CVE-2020-9490 httpd:2.4/modhttp2: httpd: Push diary crash on specifically crafted HTTP/2 header...

RHEL 8 : httpd:2.4 (RHSA-2020:3726)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3726 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Push diary crash on...

httpd: Push diary crash on specifically crafted HTTP/2 header

A flaw was found in Apache httpd in versions prior to 2.4.46. A specially crafted Cache-Digest header triggers negative argument to memmove that could lead to a crash and denial of service. The highest threat from this vulnerability is to system availability...

Important: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

RHEL 8 : httpd:2.4 (RHSA-2020:3714)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3714 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Push diary crash on...

Fedora 31 : httpd (2020-0d3d3f5072)

This release includes the latest stable version of Apache httpd, version 2.4.46. A security issue is addressed in this update : - CVE-2020-11984 modproxyuwsgi: Malicious request may result in information disclosure or RCE of existing file on the server running under a malicious process environmen...

Fedora: Security Advisory for httpd (FEDORA-2020-0d3d3f5072)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for httpd (FEDORA-2020-189a1e6c3e)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora 32 : httpd (2020-189a1e6c3e)

This release includes the latest stable version of Apache httpd, version 2.4.46. A security issue is addressed in this update : - CVE-2020-11984 modproxyuwsgi: Malicious request may result in information disclosure or RCE of existing file on the server running under a malicious process environmen...

Debian: Security Advisory (DSA-4757-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-4757-1 : apache2 - security update

Several vulnerabilities have been found in the Apache HTTPD server. - CVE-2020-1927 Fabrice Perez reported that certain modrewrite configurations are prone to an open redirect. - CVE-2020-1934 Chamal De Silva discovered that the modproxyftp module uses uninitialized memory when proxying to a...