FreeBSD : Apache httpd -- multiple vulnerabilities (8b1a50ab-8a8e-11e8-add2-b499baebfeaf)

The Apache project reports : - DoS for HTTP/2 connections by crafted requests CVE-2018-1333. By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. low - modmd, DoS via Coredumps on specially crafte...

Slackware 14.0 / 14.1 / 14.2 / current : httpd (SSA:2018-199-01)

New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2018-199-01. The text itself is copyright C Slackware Linux...

CVE-2018-10869

redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd...

CVE-2018-10869

redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd...

[slackware-security] httpd

New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/httpd-2.4.34-i586-1slack14.2.txz: Upgraded. This update fixes two denial of service issues: modmd: DoS via Coredumps on...

Apache httpd -- multiple vulnerabilities

The Apache project reports: DoS for HTTP/2 connections by crafted requests CVE-2018-1333. By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. low modmd, DoS via Coredumps on specially crafted...

Apache Httpd < 2.4.35 : DoS for HTTP/2 connections by continuous SETTINGS

By sending continous SETTINGS frames of maximum size an ongoing HTTP/2 connection could be kept busy and would never time out. This can be abused for a DoS on the server. This only affect a server that has enabled the h2 protocol...

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Remote Root Vulnerability

Exploit for hardware platform in category web applications Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Remote Root Exploit Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160 IPn4Gb 1.1.6...

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - File Manipulation

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Arbitrary File Attacks Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160 IPn4Gb 1.1.6 build 1184-14 IPn4Gb 1.1.0 Rev 2 build 1090-2 IPn4Gb 1.1....

Microhard Systems 3G4G Cellular Ethernet and Serial Gateway - Remote Root

Microhard Systems 3G4G Cellular Ethernet and Serial Gateway - Remote Root Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Remote Root Exploit Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160...

VulnCheck KEV: CVE-2017-6549

Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware...

httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir

It was found that Apache was vulnerable to a HTTP response splitting attack for sites which use moduserdir. An attacker could use this flaw to inject CRLF characters into the HTTP header and could possibly gain access to secure data...

Security Bulletin: Multiple Security Issues in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On

Summary Multiple vulnerabilities in Apache HTTPD can cause denial of service and allow a remote attacker to bypass security restrictions and obtain sensitive information in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On. A Vulnerability in the Memcached library used by the IBM...

EulerOS 2.0 SP3 : httpd (EulerOS-SA-2018-1213)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, modauthnzldap, if configured with AuthLDAPCharsetConfig, uses the...

Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application and IHS server

Summary The following security issues have been identified in the WebSphere Application Server and IHS server included as part of IBM Tivoli Monitoring ITM portal server. Vulnerability Details CVEID: CVE-2017-1380 DESCRIPTION: IBM WebSphere Application Server is vulnerable to cross-site scripting...

Apache Httpd < 2.4.34 : mod_md, DoS via Coredumps on specially crafted requests

By specially crafting HTTP requests, the modmd challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server...

CVE-2018-10664

An issue was discovered in the httpd process in multiple models of Axis IP Cameras. There is Memory Corruption...

CVE-2018-10664

An issue was discovered in the httpd process in multiple models of Axis IP Cameras. There is Memory Corruption...

CVE-2018-10664

Axis IP Cameras running firmware with Axis httpd service are affected by CVE-2018-10664 due to memory corruption in the httpd process. The issue is documented as a memory corruption vulnerability in Axis IP Camera devices. ThreatPost describes a broader chain of vulnerabilities in Axis cameras th...

Security Bulletin: Multiple Security Issues in IBM Tealeaf Customer Experience PCA

Summary Multiple vulnerabilities in Apache HTTPD can cause denial of service and allow a remote attacker to bypass security restrictions and obtain sensitive information in IBM Tealeaf Customer Experience PCA. A Vulnerability in the Memcached library used by the IBM Tealeaf Customer Experience PC...