Heartbleed Persists on 200,000 Servers, Devices

Almost 200,000 servers and devices are still vulnerable to Heartbleed, the OpenSSL flaw patched nearly three years ago. The numbers come from search engine Shodan, which released data showing U.S. servers hosted on Amazon AWS are disproportionately vulnerable to the flaw. “There’s a lot to be...

Slackware 14.0 / 14.1 / 14.2 / current : httpd (SSA:2016-358-01) (httpoxy)

New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2016-358-01. The text itself is copyrig...

Fedora 24 : httpd (2016-d22f50d985)

Security fix for CVE-2016-8743, CVE-2016-2161, CVE-2016-0736 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing addition...

Fedora 25 : httpd (2016-8d9b62c784)

Security fix for CVE-2016-8743, CVE-2016-2161, CVE-2016-0736 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing addition...

Fedora Update for httpd FEDORA-2016-8d9b62c784

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for httpd FEDORA-2016-d22f50d985

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 25 Update: httpd-2.4.25-1.fc25

The Apache HTTP Server is a powerful, efficient, and extensible web server...

[slackware-security] httpd

New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/httpd-2.4.25-i586-1slack14.2.txz: Upgraded. This update fixes the following security issues: CVE-2016-8740: modhttp2:...

Apache httpd -- several vulnerabilities

Apache Software Foundation reports: Please reference CVE/URL list for details...

CVE-2016-8612

An error was found in protocol parsing logic of modcluster load balancer Apache HTTP Server modules. An attacker could use this flaw to cause a Segmentation Fault in the serving httpd process...

httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4

It was discovered that in httpd 2.4, the internal API function apsomeauthrequired could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied...

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release

Red Hat JBoss Core Services httpd 2.4.23 is now available from the Red Hat Customer Portal for Solaris and Microsoft Windows systems. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...

Fedora Update for httpd FEDORA-2016-b39fedec11

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 24 : httpd (2016-b39fedec11)

Security fix for CVE-2016-8740 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300...

Fedora Update for httpd FEDORA-2016-260d22944d

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 25 : httpd (2016-260d22944d)

Security fix for CVE-2016-8740 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300...

Apache httpd -- denial of service in HTTP/2

modhttp2 reports: The Apache HTTPD web server from 2.4.17-2.4.23 did not apply limitations on request headers correctly when experimental module for the HTTP/2 protocol is used to access a resource. The net result is that a the server allocates too much memory instead of denying the request. This...

PT-2016-3172

Name of the Vulnerable Software and Affected Versions Apache httpd versions 2.2.x through 2.2.32 Apache httpd versions 2.4.x through 2.4.25 Description The issue is related to the use of the ap get basic auth pw function by third-party modules outside of the authentication phase, which may lead t...

Apache Httpd < 2.2.34 : mod_ssl Null Pointer Dereference

modssl may dereference a NULL pointer when third-party modules call aphookprocessconnection during an HTTP request to an HTTPS port...

Apache Httpd < 2.4.26 : mod_ssl Null Pointer Dereference

modssl may dereference a NULL pointer when third-party modules call aphookprocessconnection during an HTTP request to an HTTPS port...