CVE-2019-14706

A denial of service issue in HTTPD was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker without authorization can upload a file to upload.php with a filename longer than 256 bytes. This will be placed in the updownload area. It will not be deleted, because...

Moderate: Red Hat Security Advisory: httpd security and bug fix update

An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

keycloak-httpd-client-install: unsafe /tmp log file in --log-file option in keycloak_cli.py

It was discovered that keycloak-httpd-client-install uses a predictable log file name in /tmp. A local attacker could create a symbolic link to a sensitive location, possibly causing data corruption or denial of service...

Low: Red Hat Security Advisory: keycloak-httpd-client-install security, bug fix, and enhancement update

An update for keycloak-httpd-client-install is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CentOS Update for httpd CESA-2019:1898 centos7

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

httpd:2.4 security update

httpd 2.4.37-11.0.1 - Set vstring per ORACLESUPPORTPRODUCT Orabug: 29892262 - Replace index.html with Oracle's index page oracleindex.html 2.4.37-11 - Resolves: 1695431 - CVE-2019-0211 httpd: privilege escalation from modules scripts - Resolves: 1696090 - CVE-2019-0215 httpd:2.4/httpd: modssl:...

httpd security update

2.4.6-89.0.1 - replace index.html with Oracle's index page oracleindex.html 2.4.6-89.1 - Resolves: 1719722 - CVE-2018-1312 httpd: Weak Digest auth nonce generation in modauthdigest...

Low: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

EulerOS 2.0 SP8 : subversion (EulerOS-SA-2019-1789)

According to the version of the subversion packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Subversion's moddavsvn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the...

Apache Httpd < 2.4.41 : CVE-2019-10097 mod_remoteip: Stack buffer overflow and NULL pointer dereference

When modremoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients...

Apache Httpd < 2.4.41 : Limited cross-site scripting in mod_proxy error page

A limited cross-site scripting issue was reported affecting the modproxy error page. An attacker could cause the link on the error page to be malfomed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured ...

CVE-2019-10137

A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitra...

CVE-2019-10137

A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitra...

CVE-2019-10137

A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitra...

[SECURITY] Fedora 29 Update: mod_http2-1.15.1-1.fc29

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers...

CVE-2018-16119

Stack-based buffer overflow in the httpd server of TP-Link WR1043nd Firmware Version 3 allows remote attackers to execute arbitrary code via a malicious MediaServer request to /userRpm/MediaServerFoldersCfgRpm.htm...

CVE-2018-16119

Stack-based buffer overflow in the httpd server of TP-Link WR1043nd Firmware Version 3 allows remote attackers to execute arbitrary code via a malicious MediaServer request to /userRpm/MediaServerFoldersCfgRpm.htm...

CVE-2018-16119

Stack-based buffer overflow in the httpd server of TP-Link WR1043nd Firmware Version 3 allows remote attackers to execute arbitrary code via a malicious MediaServer request to /userRpm/MediaServerFoldersCfgRpm.htm...

CVE-2018-16119

CVE-2018-16119: TP-Link WR1043ND (Firmware Version 3) httpd is vulnerable to a stack-based buffer overflow via a crafted MediaServer request to /userRpm/MediaServerFoldersCfgRpm.htm, enabling remote arbitrary code execution. The Red Hat and other CNVD/CVE records confirm the same description; no ...

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP2 security update

Red Hat JBoss Core Services Pack Apache Server 2.4.29 Service Pack 2 packages for Microsoft Windows and Oracle Solaris are now available. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...