5773 matches found
EulerOS 2.0 SP5 : httpd (EulerOS-SA-2019-1295)
According to the version of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allow a user with valid...
Important Photon OS Security Update - PHSA-2019-0230
Updates of 'httpd' packages of Photon OS have been released...
Important Photon OS Security Update - PHSA-2019-0013
Updates of 'tar', 'httpd' packages of Photon OS have been released...
Important Photon OS Security Update - PHSA-2019-3.0-0013
Updates of 'httpd', 'tar' packages of Photon OS have been released...
PHSA-2019-1.0-0230
An update of 'httpd' packages of Photon OS has been released...
CVE-2018-14557
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server httpd. When processing the pa...
CVE-2018-14559
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server httpd. When processing the li...
CVE-2018-14559
CVE-2018-14559 describes a buffer overflow in Tenda devices (AC7 firmware V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN) caused by writing POST list parameters with sprintf to a stack variable in the httpd web server, which can overwrite a return address. Primary impact is high...
CVE-2018-14557
CVE-2018-14557 affects Tenda AC7/AC9/AC10 devices (firmware lines V15.03.06.44_CN AC7; V15.03.05.19(6318)_CN AC9; V15.03.06.23_CN AC10 and earlier) where the router’s httpd web server is vulnerable to a buffer overflow. The issue arises when processing POST page parameters: the value is written w...
PT-2019-2951 · Red Hat +1 · Spacewalk-Proxy +1
Name of the Vulnerable Software and Affected Versions: spacewalk-proxy versions through 2.9 Description: A path traversal flaw was found in the way the proxy processes cached client tokens. This issue could allow a remote, unauthenticated attacker to test the existence of arbitrary files or execu...
Raptor WAF v0.6 - Web Application Firewall using DFA
Raptor is a Web application firewall made in C, uses DFA to block SQL injection, Cross site scripting and path traversal. http://funguscodes.blogspot.com.br/ to run: $ git clone https://github.com/CoolerVoid/raptorwaf $ cd raptorwaf; make; bin/raptor Note: Don't execute with "cd bin; ./raptor" us...
Code injection
data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute arbitrary code by uploading a .htaccess file that specifies SetHandler x-httpd-php for a .txt file, because only certain PHP-related filename extensions are blocked...
CVE-2019-11344
data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute arbitrary code by uploading a .htaccess file that specifies SetHandler x-httpd-php for a .txt file, because only certain PHP-related filename extensions are blocked...
Amazon Linux 2 : httpd (ALAS-2019-1189)
In Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboar...
RHEL 6 / 7 : httpd24-httpd and httpd24-mod_auth_mellon (RHSA-2019:0746)
The remote Red Hat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0746 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of...
Apache Httpd < 2.4.41 : mod_http2, read-after-free in h2 connection shutdown
Using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown...
Apache Httpd < 2.4.41 : mod_http2, DoS attack by exhausting h2 workers.
A malicious client could perform a DoS attack by flooding a connection with requests and basically never reading responses on the TCP connection. Depending on h2 worker dimensioning, it was possible to block those with relatively few connections...
Apache Httpd < 2.4.41 : mod_http2, memory corruption on early pushes
HTTP/2 very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client...
ALPINE-CVE-2019-0215
In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions...
Fedora 29 : httpd (2019-119b14075a)
This update includes the latest upstream release of Apache httpd, version 2.4.39, including multiple bug and security fixes. To see the full list of changes in this release, see: https://www.apache.org/dist/httpd/CHANGES_2.4.39 The following security vulnerabilities are addressed : - CVE-2019-0211...