Photon OS 1.0: Httpd PHSA-2020-1.0-0290

An update of the httpd package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-1.0-0290. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid136106...

CVE-2020-8798

httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to change or access router settings by connecting to the unauthenticated setup3.htm endpoint from the local network...

CVE-2020-8798

httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to change or access router settings by connecting to the unauthenticated setup3.htm endpoint from the local network...

Design/Logic Flaw

httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to change or access router settings by connecting to the unauthenticated setup3.htm endpoint from the local network...

CVE-2020-8798

httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to change or access router settings by connecting to the unauthenticated setup3.htm endpoint from the local network...

CVE-2020-8798

The vulnerability CVE-2020-8798 affects Juplink RX4-1500 routers (firmware versions v1.0.3–v1.0.5). The httpd service exposes an unauthenticated setup3.htm endpoint on the local network, which allows remote attackers to change or access router settings. The exposed detail in connected CNVD/NVD en...

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0290

An update of 'openjdk', 'linux', 'openjdk11', 'envoy', 'linux-esx', 'httpd', 'PyYAML', 'systemd' packages of Photon OS has been released...

Photon OS 2.0: Httpd PHSA-2020-2.0-0228

An update of the httpd package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-2.0-0228. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid135864...

Photon OS 3.0: Httpd PHSA-2020-3.0-0079

An update of the httpd package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-3.0-0079. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid135787...

Scientific Linux Security Update : httpd on SL7.x x86_64 (20200407)

httpd: modsessioncookie does not respect expiry time httpd: Out of bounds write in modauthnzldap when using too small Accept-Language values httpd: Out of bounds access after failure in reading the HTTP request C Tenable Network Security, Inc. The descriptive text is C Scientific Linux...

EulerOS 2.0 SP8 : httpd (EulerOS-SA-2020-1505)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with modrewrite that were intended to be self-referential might be fooled by encoded...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2020-1505)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 3.0.2.2 : httpd (EulerOS-SA-2020-1455)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple...

Denial Of Service (DoS)

Subversion SVN is vulnerable to denial of service DoS. The vulnerability exists through a flaw found in the way the moddavsvn module handled OPTIONS requests. A remote attacker with read access to an SVN repository served via HTTP could use this flaw to cause the httpd process that handled such a...

Information Disclosure

httpd is vulnerable to information disclosure. The vulnerability exists as the httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this fla...

Denial Of Service (DoS)

httpd is vulnerable to denial of service DoS. The vulnerability exists as a flaw was found in the way httpd handled child process status information. A malicious program running with httpd child process privileges such as a PHP or CGI script could use this flaw to cause the parent httpd process t...

Man-in-the-Middle (MitM)

httpd is vulnerable to man-in-the-middle MiTM. The vulnerability exists as it was discovered that the fix for CVE-2011-3368 released via RHSA-2011:1391 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly...

Arbitrary Code Execution

httpd is vulnerable to arbitrary code execution. The vulnerability exists as an integer overflow flaw, leading to a heap-based buffer overflow, was found in the way httpd performed substitutions in regular expressions. An attacker able to set certain httpd settings, such as a user permitted to...

Denial Of Service (DoS)

httpd is vulnerable to denial of service DoS. The vulnerability exists as it was discovered that modproxyajp incorrectly returned an "Internal Server Error" response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where...

Information Disclosure

httpd is vulnerable to information disclosure. The vulnerability exists as it was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule...