httpd:2.4 security update

httpd 2.4.37-51.0.1 - Set vstring per ORACLESUPPORTPRODUCT Orabug: 29892262 - Replace index.html with Oracles index page oracleindex.html 2.4.37-51 - Resolves: 2097015 - CVE-2022-28614 httpd:2.4/httpd: out-of-bounds read via aprwrite - Resolves: 2097031 - CVE-2022-28615 httpd:2.4/httpd:...

RHEL 9 : httpd (RHSA-2022:8067)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8067 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgrad...

NewStart CGSL CORE 5.04 / MAIN 5.04 : httpd Vulnerability (NS-SA-2022-0076)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has httpd packages installed that are affected by a vulnerability: - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP...

CVE-2022-29888

A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability...

CentOS 8 : httpd:2.4 (CESA-2022:7647)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7647 advisory. - httpd: modlua: Use of uninitialized value of in r:parsebody CVE-2022-22719 - httpd: core: Possible buffer overflow with very large or unlimited...

RHEL 8 : httpd:2.4 (RHSA-2022:7647)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7647 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modsed: Read/wri...

httpd: mod_lua: Use of uninitialized value of in r:parsebody

A flaw was found in the modlua module of httpd. A crafted request body can cause a read to a random memory area due to an uninitialized value in functions called by the parsebody function. The highest threat from this vulnerability is to system availability...

httpd: Out-of-bounds read via ap_rwrite()

An out-of-bounds read vulnerability was found in httpd. A very large input to the aprputs and aprwrite functions can lead to an integer overflow and result in an out-of-bounds read...

httpd: Out-of-bounds read in ap_strcmp_match()

An out-of-bounds read vulnerability was found in httpd. A very large input to the apstrcmpmatch function can lead to an integer overflow and result in an out-of-bounds read...

httpd: mod_sed: DoS vulnerability

A flaw was found in the modsed module of httpd. A very large input to the modsed module can result in a denial of service due to excessively large memory allocations...

httpd: mod_proxy_ajp: Possible request smuggling

An HTTP request smuggling vulnerability was found in the modproxyajp module of httpd. This flaw allows an attacker to smuggle requests to the AJP server, where it forwards requests...

httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody

A flaw was found in httpd, where it incorrectly limits the value of the LimitXMLRequestBody option. This issue can lead to an integer overflow and later causes an out-of-bounds write...

RLSA-2022:7647 Moderate: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modsed: Read/write beyond bounds CVE-2022-23943 httpd: modlua: Use of uninitialized value of in r:parsebody CVE-2022-22719 httpd: core: Possible buffer overflow with very...

httpd:2.4 security update

An update is available for httpd, modhttp2, modmd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd packages provide the Apache HTTP Server, a powerful,...

ALSA-2022:7647 Moderate: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modsed: Read/write beyond bounds CVE-2022-23943 httpd: modlua: Use of uninitialized value of in r:parsebody CVE-2022-22719 httpd: core: Possible buffer overflow with very...

Moderate: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modsed: Read/write beyond bounds CVE-2022-23943 httpd: modlua: Use of uninitialized value of in r:parsebody CVE-2022-22719 httpd: core: Possible buffer overflow with very...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-2653)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-2685)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP10 : httpd (EulerOS-SA-2022-2653)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the modisapi module...

[slackware-security] php80/php81

New php80/php81 packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: extra/php80/php80-8.0.25-i586-1slack15.0.txz: Upgraded. This update fixes security issues: GD: OOB read due to insufficient input validation in...