
5773 matches found

RedHat Linux
added 2017/11/13 5:36 p.m., 4 views

httpd: mod_mime buffer overread

A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash...

9.8 CVSS, 7.4 AI score, 0.39341 EPSS
Exploits 3, References 6

RedHat Linux
added 2017/11/13 5:35 p.m., 2 views

httpd: Uninitialized memory reflection in mod_auth_digest

It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to...

9.1 CVSS, 7.4 AI score, 0.5677 EPSS
Exploits 0, References 6

RedHat Linux
added 2017/11/13 5:35 p.m., 5 views

httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)

A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash...

7.5 CVSS, 7.2 AI score, 0.94999 EPSS
Exploits 9, References 5

RedHat Linux
added 2017/11/13 5:35 p.m., 67 views

Important: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 7.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

9.8 CVSS, 6.8 AI score, 0.94999 EPSS
Exploits 13, References 7

Tenable Nessus
added 2017/11/08 12:0 a.m., 132 views

RHEL 6 / 7 : Red Hat JBoss Web Server (RHSA-2017:3113)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3113 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. OpenSSL is a toolkit that implement...

9.1 CVSS, 7.5 AI score, 0.99988 EPSS
Exploits 51, References 14

Check Point Advisories
added 2017/11/07 12:0 a.m., 5 views

Brother Debut Embedded Httpd Unauthenticated Denial Of Service (CVE-2017-16249)

A denial of service vulnerability exists in Brother Debut embedded httpd server. A remote attacker can exploit this vulnerability by sending a specially crafted message to an affected system...

7.8 CVSS, 2.2 AI score, 0.59386 EPSS
Exploits 7

Tenable Nessus
added 2017/11/06 12:0 a.m., 79 views

Amazon Linux AMI : httpd (ALAS-2017-921)

Hash character matches all IPs : A regression was found in httpd, causing comments in the 'Allow' and 'Deny' configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource. CVE-2017-12171 C Tenable Network Security, In...

6.5 CVSS, 7.4 AI score, 0.08078 EPSS
Exploits 0, References 2

RedHat Linux
added 2017/11/02 7:4 p.m., 1 views

httpd: Uninitialized memory reflection in mod_auth_digest

It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to...

9.1 CVSS, 7.4 AI score, 0.5677 EPSS
Exploits 0, References 6

RedHat Linux
added 2017/11/02 7:4 p.m., 252 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server security and bug fix update

An update is now available for Red Hat JBoss Enterprise Web Server 2.1.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...

9.1 CVSS, 7.2 AI score, 0.99988 EPSS
Exploits 51, References 10

Amazon
added 2017/11/02 12:0 a.m., 131 views

Medium: httpd

Issue Overview: Hash character matches all IPs: A regression was found in httpd, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource. CVE-2017-12171 Affected...

6.5 CVSS, 6.9 AI score, 0.08078 EPSS
Exploits 0

Tenable Nessus
added 2017/11/01 12:0 a.m., 122 views

EulerOS 2.0 SP2 : httpd (EulerOS-SA-2017-1253)

According to the version of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in a...

7.5 CVSS, 6.9 AI score, 0.94999 EPSS
Exploits 9, References 2

Tenable Nessus
added 2017/11/01 12:0 a.m., 72 views

EulerOS 2.0 SP1 : httpd (EulerOS-SA-2017-1252)

According to the version of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in a...

7.5 CVSS, 6.9 AI score, 0.94999 EPSS
Exploits 9, References 2

Check Point Advisories
added 2017/10/26 12:0 a.m., 18 views

Apache httpd mod_auth_digest Memory Access Denial of Service (CVE-2017-9788)

A memory access error exists in Apache httpd. This vulnerability is due to an error in accessing uninitialized memory and failing to reset it while processing Authorization and Proxy-Authorization HTTP headers. A remote, unauthenticated attacker could exploit this vulnerability by sending...

6.4 CVSS, 3.7 AI score, 0.5677 EPSS
Exploits 0

Tenable Nessus
added 2017/10/23 12:0 a.m., 131 views

CentOS 6 : httpd (CESA-2017:2972) (Optionsbleed)

An update for httpd is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

7.5 CVSS, 6.8 AI score, 0.94999 EPSS
Exploits 9, References 3

OpenVAS
added 2017/10/21 12:0 a.m., 42 views

CentOS Update for httpd CESA-2017:2972 centos6

Check the version of httpd...

7.5 CVSS, 6.2 AI score, 0.94999 EPSS
Exploits 9, References 2

OpenVAS
added 2017/10/20 12:0 a.m., 66 views

RedHat Update for httpd RHSA-2017:2972-01

The remote host is missing an update for the...

7.5 CVSS, 7.6 AI score, 0.94999 EPSS
Exploits 9, References 2

Tenable Nessus
added 2017/10/20 12:0 a.m., 70 views

Oracle Linux 6 : httpd (ELSA-2017-2972)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-2972 advisory. 2.2.15-60.0.1.6 - replace index.html with Oracle's index page oracleindex.html - update vstring in specfile 2.2.15-60.6 - Resolves: 1493061 -...

7.5 CVSS, 7.1 AI score, 0.94999 EPSS
Exploits 9, References 3

Tenable Nessus
added 2017/10/20 12:0 a.m., 105 views

RHEL 6 : httpd (RHSA-2017:2972)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2972 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: A use-after-free flaw w...

7.5 CVSS, 7 AI score, 0.94999 EPSS
Exploits 9, References 7

Tenable Nessus
added 2017/10/20 12:0 a.m., 39 views

Scientific Linux Security Update : httpd on SL6.x i386/x86_64 (20171019) (Optionsbleed)

Security Fixes : - A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child...

7.5 CVSS, 6.8 AI score, 0.94999 EPSS
Exploits 9, References 3

RedHat Linux
added 2017/10/19 3:26 p.m., 1 views

httpd: # character matches all IPs

A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource...

6.5 CVSS, 5.7 AI score, 0.08078 EPSS
Exploits 0, References 4