5781 matches found
PHSA-2020-2.0-0228
An update of 'libvirt', 'httpd', 'file' packages of Photon OS has been released...
CentOS 7 : httpd (RHSA-2020:1121)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1121 advisory. - In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the...
Moderate Photon OS Security Update - PHSA-2020-0079
Updates of 'httpd' packages of Photon OS have been released...
Moderate Photon OS Security Update - PHSA-2020-3.0-0079
Updates of 'httpd' packages of Photon OS have been released...
Important Photon OS Security Update - PHSA-2020-0228
Updates of 'httpd', 'file', 'libvirt' packages of Photon OS have been released...
CVE-2019-10082
A read-after-free vulnerability was discovered in Apache httpd, in mod_http2. A specially crafted http/2 client session could cause the server to read memory that was previously freed during connection shutdown, potentially leading to a crash. Mitigation: This flaw is only exploitable if Apache htt...
CVE-2019-10092
A cross-site scripting vulnerability was found in Apache httpd, affecting the mod_proxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation. Mitigation: This flaw is only exploitable ...
Denial Of Service (DoS)
httpd is vulnerable to denial of service (DoS) due to memory corruption on early pushes...
httpd: read-after-free in h2 connection shutdown
A read-after-free vulnerability was discovered in Apache httpd, in mod_http2. A specially crafted http/2 client session could cause the server to read memory that was previously freed during connection shutdown, potentially leading to a crash...
httpd: null-pointer dereference in mod_remoteip
A vulnerability was discovered in Apache httpd, in mod_remoteip. A trusted proxy using the "PROXY" protocol could send specially crafted headers that can cause httpd to experience a stack buffer overflow or NULL pointer dereference, leading to a crash or other potential consequences. This issue...
httpd: limited cross-site scripting in mod_proxy error page
A cross-site scripting vulnerability was found in Apache httpd, affecting the mod_proxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation...
httpd security, bug fix, and enhancement update
2.4.6-93.0.1 - replace index.html with Oracle's index page oracle_index.html 2.4.6-93 - Resolves: 1677496 - CVE-2018-17199 httpd: mod_session_cookie does not respect expiry time 2.4.6-92 - htpasswd: add SHA-2 crypt support 1486889 2.4.6-91 - Resolves: 1630886 - scriptlet can fail if hostname is not...
CVE-2016-0736
It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack...
CVE-2020-8423
A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 firmware version 3.16.9 devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the configuration of the Wi-Fi network...
Buffer overflow
A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 firmware version 3.16.9 devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the configuration of the Wi-Fi network...
CVE-2020-8423
TP-Link TL-WR841N V10 (firmware 3.16.9) is affected by CVE-2020-8423 due to a buffer overflow in the httpd daemon. The flaw permits an authenticated remote attacker to execute arbitrary code by sending a GET request to the Wi‑Fi network configuration page. Affected component: httpd daemon on the ...
EulerOS Virtualization for ARM 64 3.0.6.0 : httpd (EulerOS-SA-2020-1359)
According to the versions of the httpd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities: - In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the...
EulerOS Virtualization for ARM 64 3.0.6.0 : httpd (EulerOS-SA-2020-1370)
According to the versions of the httpd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities: - In Apache HTTP Server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential...