5773 matches found
Node.js: Http response is not ended although underlying socket is already destroyed
Summary: When a Node server receives an HTTP request and hooks to the end, finish and error events are attached on the response object to handle cases when the response is closed/ended, but the underlying socket is abruptly terminated, then none of those events is fired. This leads to a state when the response seems to be...
keycloak-httpd-client-install security, bug fix, and enhancement update
0.8-1 - Resolves: rhbz1673716 - Rebase k-h-c-i to version 0.8 - The rebase also includes fixes for: - rhbz1533190 - CVE-2017-15111 keycloak-httpd-client-install: unsafe /tmp log file in --log-file option in keycloakcli.py - rhbz1533202 - CVE-2017-15112 keycloak-httpd-client-install: unsafe use of...
httpd security and bug fix update
2.4.6-90.0.1 - replace index.html with Oracle's index page oracleindex.html Resolves: 1566317 - CVE-2018-1312 httpd: Weak Digest auth nonce generation in mod_auth_digest - Resolves: 1696141 - CVE-2019-0217 httpd: mod_auth_digest: access control bypass due to race condition - Resolves: 1696096 -...
Oracle Linux 8 : httpd:2.4 (ELSA-2019-0980)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-0980 advisory. - Resolves: 1695431 - CVE-2019-0211 httpd: privilege escalation from modules scripts - Resolves: 1696090 - CVE-2019-0215 httpd:2.4/httpd: mod_ssl: acces...
NewStart CGSL MAIN 4.05 : httpd Multiple Vulnerabilities (NS-SA-2019-0118)
The remote NewStart CGSL host, running version MAIN 4.05, has httpd packages installed that are affected by multiple vulnerabilities: - Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a...
Oracle Linux 7 : httpd (ELSA-2019-1898)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-1898 advisory. 2.4.6-89.0.1 - replace index.html with Oracle's index page oracleindex.html 2.4.6-89.1 - Resolves: 1719722 - CVE-2018-1312 httpd: Weak Digest auth nonce...
NewStart CGSL MAIN 4.05 : httpd Vulnerability (NS-SA-2019-0156)
The remote NewStart CGSL host, running version MAIN 4.05, has httpd packages installed that are affected by a vulnerability: - A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd, causing comments in the Allow and Deny configuration lines to be parsed incorrectly. A web...
RHEL 7 : httpd (RHSA-2019:1898)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1898 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Weak Digest auth nonce...
RHEL 7 : httpd (RHSA-2019:2343)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2343 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_auth_digest:...
Scientific Linux Security Update : httpd on SL7.x x86_64 (20190729)
Security Fixes: - httpd: Weak Digest auth nonce generation in mod_auth_digest (CVE-2018-1312)
RHEL 7 : keycloak-httpd-client-install (RHSA-2019:2137)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2137 advisory. The keycloak-httpd-client-install packages provide various libraries and tools that can automate and simplify the configuration of Apache...
CentOS 7 : httpd (CESA-2019:1898)
An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Authorization Bypass
httpd is vulnerable to authorization bypass. The vulnerability exists through URL normalization inconsistency...
Authorization Bypass
httpd is vulnerable to authorization bypass. The vulnerability exists as mod_auth_digest has an access control bypass issue due to a race condition...
Unauthorized File Overwrite
keycloak-httpd-client-install is vulnerable to unauthorized file overwrite. Unsafe creation of log file in /tmp via the --log-file option in keycloakcli.py allows local attackers to overwrite other files via symbolic link...
CVE-2019-14700
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. There is disclosure of the existence of arbitrary files via Path Traversal in HTTPD. This occurs because the filename specified in the TZ parameter is accessed with a substantial delay if that file exists...
CVE-2019-14704
An SSRF issue was discovered in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 via FTP commands following a newline character in the uploadfile field...
CVE-2019-14703
A CSRF issue was discovered in webparam?user&action=set&param=add in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 to create an admin account...
CVE-2019-14702
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. SQL injection vulnerabilities exist in 13 forms that are reachable through HTTPD. An attacker can, for example, create an admin account...
CVE-2019-14698
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. In a CGI program running under the HTTPD web server, a buffer overflow in the param parameter leads to remote code execution in the context of the nobody account...