100 matches found
RHEL 7 : httpd24-httpd (RHSA-2022:0303)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0303 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_lua: Possible buffer...
Information Disclosure
jbcs-httpd24-mod_md is vulnerable to information disclosure. The vulnerability exists due to lack of proper normalization of the path component of the request URL, which allows an attacker to gain access to unauthorized information...
Medium: httpd24
Issue Overview: An HTTP request smuggling vulnerability was found in the mod_proxy_ajp module of httpd. This flaw allows an attacker to smuggle requests to the AJP server, where it forwards requests. CVE-2022-26377 An out-of-bounds read vulnerability was found in the mod_isapi module of httpd. The...
Amazon Linux AMI : httpd24 (ALAS-2022-1584)
The version of httpd24 installed on the remote host is prior to 2.4.53-1.96. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1584 advisory. A flaw was found in the mod_lua module of httpd. A crafted request body can cause a read to a random memory area due to ...
Important: httpd24
Issue Overview: A flaw was found in the mod_lua module of httpd. A crafted request body can cause a read to a random memory area due to an uninitialized value in functions called by the parsebody function. The highest threat of this vulnerability is availability. CVE-2022-22719 A flaw was found in...
RHEL 7 : httpd24-httpd (RHSA-2022:1075)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:1075 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Errors encountered during...
Important: Red Hat Security Advisory: httpd24-httpd security update
An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...
Important: httpd24
Issue Overview: There's a null pointer dereference and server-side request forgery flaw in httpd's mod_proxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the adjacent network to the forward proxy that could cause a crash, or potentially SSRF via...
Amazon Linux AMI : httpd24 (ALAS-2022-1560)
The version of httpd24 installed on the remote host is prior to 2.4.52-1.95. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1560 advisory. There's a null pointer dereference and server-side request forgery flaw in httpd's mod_proxy module, when it is configur...
Denial Of Service (DoS)
jbcs-httpd24 is vulnerable to denial of service (DoS) attacks. An attacker is able to perform a buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, resulting in a system hang...
Important: httpd24
Issue Overview: A NULL pointer dereference was found in Apache httpd mod_h2. The highest threat from this flaw is to system integrity. CVE-2021-33193 A NULL pointer dereference in httpd allows an unauthenticated remote attacker to crash httpd by providing malformed HTTP requests. The highest threa...
RHEL 7 : httpd24-httpd (RHSA-2021:3754)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3754 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_proxy: SSRF via a...
Amazon Linux AMI : httpd24 (ALAS-2021-1514)
The version of httpd24 installed on the remote host is prior to 2.4.48-1.92. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1514 advisory. A flaw was found in Apache httpd. The mod_proxy_wstunnel module tunnels non-upgraded connections. CVE-2019-17567 A flaw w...
Moderate: Red Hat Bug Fix Advisory: httpd24 bug fix and enhancement update
Updated httpd24 packages are now available as a part of Red Hat Software Collections for Red Hat Enterprise Linux. The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with...
Important: Red Hat Security Advisory: httpd24-httpd security update
An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...
Amazon Linux AMI : httpd24 (ALAS-2020-1418)
The version of httpd24 installed on the remote host is prior to 2.4.46-1.90. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1418 advisory. 2024-10-09: CVE-2020-11984 was removed from this advisory. 2024-10-09: CVE-2020-9490 was removed from this advisory. 2024-10-09:...
IP Address Spoofing
httpd24-httpd is vulnerable to IP address spoofing. When proxying, the use of mod_remoteip and mod_rewrite can cause IP address spoofing in logging and PHP scripts...
Low: httpd24
Issue Overview: In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. CVE-2020-1927 In Apache HTTP Server 2.4.0 to 2.4.41,...
Amazon Linux AMI : httpd24 (ALAS-2019-1311) (Internal Data Buffering)
A vulnerability was found in Apache httpd, in mod_http2. Under certain circumstances, HTTP/2 early pushes could lead to memory corruption, causing a server to crash. CVE-2019-10081 A read-after-free vulnerability was discovered in Apache httpd, in mod_http2. A specially crafted http/2 client session...
Use-After-Free
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php55 packages provide a recent stable release of PHP with the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a number of additional utilities. The php55 packages have been upgraded to...