Debian DSA-4458-1 : cyrus-imapd - security update
A flaw was discovered in the CalDAV feature in httpd of the Cyrus IMAP server, leading to denial of service or potentially the execution of arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name. (C) Tenable Network Security, Inc. The descriptive text and...
CVE-2019-11356
The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name...
CVE-2019-11356
CVE-2019-11356 affects Cyrus IMAP Server (cyrus-imapd) via the CalDAV feature in httpd. The root cause is a buffer overflow triggered by a long iCalendar property name in CalDAV requests, enabling remote code execution. Impact is high (per CVSS) with potential remote compromise, depending on the ...
Side-channel Attack
httpd is vulnerable to side-channel attack. An implementation flaw was discovered in multiple cryptographic libraries that allows a side-channel based attacker to recover ECDSA or DSA private keys. When these cryptographic libraries use the private key to create a signature, such as for a TLS or...
Symantec Content Analysis < 2.3.1.1 affected by Multiple Vulnerabilities (SYMSA1410)
The version of Symantec Content Analysis running on the remote host is prior to version 2.3.1.1. It is, therefore, affected by multiple vulnerabilities: - A vulnerability in Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a...
EulerOS Virtualization for ARM 64 3.0.2.0 : httpd (EulerOS-SA-2019-1631)
According to the version of the httpd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allo...
EulerOS 2.0 SP3 : httpd (EulerOS-SA-2019-1580)
According to the version of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allow a user with valid...
FreeBSD : cyrus-imapd -- buffer overrun in httpd (10fd731c-8088-11e9-b6ae-001871ec5271)
Cyrus IMAP 3.0.10 Release Notes states : Fixed CVE-2019-11356: buffer overrun in httpd (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2020 Jacques Vidrine and contributors Redistribution and u...
[SECURITY] Fedora 30 Update: mod_http2-1.15.0-1.fc30
The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers...
Fedora Update for mod_http2 FEDORA-2019-08e57d15fd
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
EulerOS Virtualization 3.0.1.0 : httpd (EulerOS-SA-2019-1560)
According to the version of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a...
Arbitrary Code Execution
httpd is vulnerable to arbitrary code execution. With MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by...
Denial Of Service (DoS)
Apache HTTPD is vulnerable to denial of service (DoS) attacks. A remote user could send specially crafted and continuous SETTINGS data for an ongoing HTTP/2 connection to cause the target service to fail to time out...
Denial Of Service (DoS)
Apache HTTPD mod_authnz_ldap is vulnerable to denial of service (DoS) attacks if configured with AuthLDAPCharsetConfig. A remote user could send a specially crafted Accept-Language header value to trigger an out-of-bounds memory write error and potentially cause the target service to crash...
Privilege Escalation
Apache httpd is vulnerable to privilege escalation attacks. This is because the expression may not correctly match characters in a filename. The expression may match the '$' character to a newline character instead of matching only the end of the filename. On systems that allow uploading of...
Information Disclosure
redhat-certification is vulnerable to information disclosure attacks. This is because redhat-certification does not properly restrict files that could be downloaded through the download page. A remote attacker may download any file accessible by the user running httpd...
EulerOS Virtualization 3.0.1.0 : httpd (EulerOS-SA-2019-1419)
According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers...