Memory Corruption

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php55 packages provide a recent stable release of PHP with the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a number of additional utilities. The php55 packages have been upgraded to...

Denial Of Service (DoS)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrar...

Denial Of Service (DoS)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrar...

Use-After-Free

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrar...

Denial Of Service (DoS)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrar...

Denial Of Service (DoS)

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the modstatus httpd module. A remote attacker able to access a status page served by modstatus on a server using a...

RHEL 6 / 7 : httpd24-httpd and httpd24-mod_auth_mellon (RHSA-2019:0746)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0746 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of...

Amazon Linux AMI : httpd24 (ALAS-2019-1189)

In Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads including scripts executed by an in-process scripting interpreter could execute arbitrary code with the privileges of the parent process usually root by manipulating the scoreboar...

Use After Free

httpd24 is vulnerable to information disclosure attacks. The vulnerability exists as Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This...

Authorization Bypass

httpd24-httpd is vulnerable to authorization bypass attacks. The vulnerability exists as the modheaders module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding...

Medium: httpd24

Issue Overview: By specially crafting HTTP requests, the modmd challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 Affected 2.4.33.CVE-2018-8011 Affected Packages: httpd24 Issue...

Amazon Linux AMI : httpd24 / httpd (ALAS-2017-896) (Optionsbleed)

Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret...

Amazon Linux AMI : httpd24 (ALAS-2017-863)

apfindtoken buffer overread : A buffer over-read flaw was found in the httpd's apfindtoken function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. CVE-2017-7668 Apache HTTP Request Parsing Whitespace Defects : It was discovered...

Medium: httpd24

Issue Overview: apfindtoken buffer overread: A buffer over-read flaw was found in the httpd's apfindtoken function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. CVE-2017-7668 Apache HTTP Request Parsing Whitespace Defects: It wa...

Moderate: Red Hat Security Advisory: httpd24-httpd security, bug fix, and enhancement update

Updated httpd24 packages are now available as a part of Red Hat Software Collections 2.4 for Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Amazon Linux AMI : httpd24 (ALAS-2017-785)

The following security-related issues were fixed : Padding oracle vulnerability in Apache modsessioncrypto CVE-2016-0736 DoS vulnerability in modauthdigest CVE-2016-2161 Apache HTTP request parsing whitespace defects CVE-2016-8743 C Tenable Network Security, Inc. The descriptive text and package...

Medium: httpd24

Issue Overview: The following security-related issues were fixed: Padding oracle vulnerability in Apache modsessioncrypto CVE-2016-0736 DoS vulnerability in modauthdigest CVE-2016-2161 Apache HTTP request parsing whitespace defects CVE-2016-8743 Affected Packages: httpd24 Issue Correction: Run yu...

Amazon Linux: Security Advisory (ALAS-2016-725)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Important: httpd24, httpd

Issue Overview: It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remot...

Moderate: Red Hat Security Advisory: rh-php56-php security update

Updated rh-php56-php packages that fix multiple security issues are now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...