5773 matches found
Slackware 14.0 / 14.1 / 14.2 / current : httpd (SSA:2019-096-01)
New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2019-096-01. The text itself is copyright (C) Slackware Linu...
Internet Bug Bounty: CVE-2019-0196: mod_http2 with scoreboard Use-After-Free (Read)
A crafted HTTP2 request can trigger reference to request data from a memory pool after its destruction. This memory is subsequently used as input to an sprintf type function for constructing a string value. This unsafe memory access ultimately means that the r->the_request string is poisoned with...
EulerOS 2.0 SP5 : httpd (EulerOS-SA-2019-1137)
According to the version of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expir...
[SECURITY] Fedora 30 Update: mod_http2-1.14.1-1.fc30
The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers...
openSUSE Security Update : apache2-mod_jk (openSUSE-2019-970)
This update for apache2-mod_jk fixes the following issue : Security issue fixed : - CVE-2018-11759: Fixed connector path traversal due to mishandled HTTP requests in httpd (bsc#1114612). This update was imported from the SUSE:SLE-15:Update update project. (C) Tenable Network Securit...
Apache Httpd < 2.4.41 : mod_rewrite potential open redirect
Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL...
[SECURITY] Fedora 28 Update: mod_http2-1.14.1-1.fc28
The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers...
[SECURITY] Fedora 29 Update: mod_http2-1.14.1-1.fc29
The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers...
Apache httpd mod_ssl TLS Renegotiation Denial of Service (CVE-2019-0190)
A denial-of-service vulnerability has been reported in Apache httpd. The vulnerability is due to improper handling of client-initiated renegotiation when using OpenSSL version 1.1.1. A remote attacker could exploit this vulnerability by sending a crafted request including performing a TLS...
Security Bulletin: Multiple vulnerabilities in the IBM HTTP Server (CVE-2017-15710, CVE-2017-15715, CVE-2018-1301)
Summary: There are multiple vulnerabilities in the IBM HTTP Server used by WebSphere Application Server. Vulnerability Details: CVEID: CVE-2018-1301. DESCRIPTION: Apache HTTPD is vulnerable to a denial of service, caused by an out-of-bounds access error after a header size limit has been reached...
Apache httpd mod_md Denial of Service (CVE-2018-8011)
A denial of service vulnerability exists in Apache httpd mod_md. This vulnerability is due to insufficient input validation. Successful exploitation of this vulnerability can lead to denial of service conditions on the target server...
httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications
It has been discovered that the mod_session module of Apache HTTP Server (httpd), through version 2.4.29, has an improper input validation flaw in the way it handles HTTP session headers in some configurations. A remote attacker may influence their content by using a "Session" header...
mod_jk: connector path traversal due to mishandled HTTP requests in httpd
The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was...
httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset...
[slackware-security] php
New php packages are available for Slackware 14.0, 14.1, 14.2 to fix security issues. A bugfix release for -current is also available. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/php-5.6.40-i586-1slack14.2.txz: Upgraded. Several security bugs have been fixed in this...
Photon OS 1.0: Httpd PHSA-2017-0013
An update of the httpd package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2017-0013. The text itself is copyright (C) VMware, Inc.
Photon OS 1.0: Httpd PHSA-2017-0027
An update of the httpd package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2017-0027. The text itself is copyright (C) VMware, Inc.
Photon OS 1.0: Httpd PHSA-2018-1.0-0126
An update of the httpd package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-1.0-0126. The text itself is copyright (C) VMware, Inc.
Photon OS 2.0: Httpd PHSA-2018-2.0-0039
An update of the httpd package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-2.0-0039. The text itself is copyright (C) VMware, Inc.
Photon OS 2.0: Httpd PHSA-2018-2.0-0089
An update of the httpd package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-2.0-0089. The text itself is copyright (C) VMware, Inc.