CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2019/09/25 12:0 a.m.•309 views

RHEL 8 : httpd:2.4 (RHSA-2019:2893)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2893 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: HTTP/2: request for large respon...

7.8CVSS7.4AI score0.2789EPSS

Exploits0References4

RedHat Linux•added 2019/09/24 1:54 p.m.•140 views

Important: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.8CVSS7.1AI score0.2789EPSS

Oracle linux•added 2019/09/24 12:0 a.m.•76 views

httpd:2.4 security update

httpd 2.4.37-12.0.1 - Set vstring per ORACLESUPPORTPRODUCT Orabug: 29892262 - Replace index.html with Oracle's index page oracleindex.html 2.4.37-12 - Resolves: 1744997 - CVE-2019-9511 httpd:2.4/modhttp2: HTTP/2: large amount of data request leads to denial of service - Resolves: 1745084 -...

7.8CVSS2.1AI score0.59547EPSS

Photon•added 2019/09/23 12:0 a.m.•70 views

Critical Photon OS Security Update - PHSA-2019-0178

Updates of 'linux-aws', 'linux-secure', 'linux-esx', 'linux', 'httpd' packages of Photon OS have been released...

9.1CVSS1.6AI score0.82007EPSS

Exploits10

Tenable Nessus•added 2019/09/19 12:0 a.m.•65 views

CentOS 7 : httpd (CESA-2019:2343)

An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

7.5CVSS7.1AI score0.1786EPSS

OpenVAS•added 2019/09/19 12:0 a.m.•65 views

CentOS Update for httpd CESA-2019:2343 centos7

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.2AI score0.1786EPSS

Tenable Nessus•added 2019/09/11 12:0 a.m.•41 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : httpd Vulnerability (NS-SA-2019-0172)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has httpd packages installed that are affected by a vulnerability: - In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated...

9.8CVSS6.4AI score0.15885EPSS

Fedora•added 2019/08/30 2:21 p.m.•62 views

[SECURITY] Fedora 30 Update: mod_http2-1.15.3-2.fc30

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers...

7.8CVSS1.9AI score0.59547EPSS

Fedora•added 2019/08/30 12:51 a.m.•69 views

[SECURITY] Fedora 29 Update: mod_http2-1.15.3-2.fc29

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers...

7.8CVSS1.9AI score0.59547EPSS

Tenable Nessus•added 2019/08/30 12:0 a.m.•32 views

CentOS 7 : keycloak-httpd-client-install (CESA-2019:2137)

An update for keycloak-httpd-client-install is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.8CVSS6.3AI score0.00394EPSS

OpenVAS•added 2019/08/27 12:0 a.m.•157 views

Debian: Security Advisory (DSA-4509-3)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS7.7AI score0.82007EPSS

Exploits6References4

Tenable Nessus•added 2019/08/27 12:0 a.m.•35 views

Scientific Linux Security Update : httpd on SL7.x x86_64 (20190806)

Security Fixes : - httpd: modauthdigest: access control bypass due to race condition CVE-2019-0217 - httpd: URL normalization inconsistency CVE-2019-0220 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid128223;...

7.5CVSS7AI score0.1786EPSS

Tenable Nessus•added 2019/08/27 12:0 a.m.•16 views

Scientific Linux Security Update : keycloak-httpd-client-install on SL7.x x86_64 (20190806)

Security Fixes : - keycloak-httpd-client-install: unsafe /tmp log file in --log-file option in keycloakcli.py CVE-2017-15111 - keycloak-httpd-client-install: unsafe use of -p/--admin-password on command line CVE-2017-15112 C Tenable Network Security, Inc. The descriptive text is C Scientific Linu...

7.8CVSS6.3AI score0.00394EPSS

Debian•added 2019/08/26 7:52 p.m.•297 views

[SECURITY] [DSA 4509-1] apache2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4509-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 26, 2019 https://www.debian.org/security/faq -...

9.1CVSS8.5AI score0.82007EPSS

Exploits6

Hacker One•added 2019/08/23 1:38 p.m.•304 views

Internet Bug Bounty: mod_http2, read-after-free in h2 connection shutdown (CVE-2019-10082)

Using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. This is made possible by a race condition in which nghttp2 maintains a reference to a stream after modhttp2 has destroyed it. This vulnerability has been fixed in...

6.4CVSS9.2AI score0.16549EPSS