5781 matches found
Amazon Linux 2 : httpd (ALAS-2019-1341)
A cross-site scripting vulnerability was found in Apache httpd, affecting the mod_proxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation. (CVE-2019-10092) A vulnerability was...
Medium: httpd
Issue Overview: A cross-site scripting vulnerability was found in Apache httpd, affecting the mod_proxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation. (CVE-2019-10092) A...
Amazon Linux AMI : httpd24 (ALAS-2019-1311) (Internal Data Buffering)
A vulnerability was found in Apache httpd, in mod_http2. Under certain circumstances, HTTP/2 early pushes could lead to memory corruption, causing a server to crash. (CVE-2019-10081) A read-after-free vulnerability was discovered in Apache httpd, in mod_http2. A specially crafted HTTP/2 client session...
Amazon Linux 2 : keycloak-httpd-client-install (ALAS-2019-1324)
It was discovered that keycloak-httpd-client-install uses a predictable log file name in /tmp. A local attacker could create a symbolic link to a sensitive location, possibly causing data corruption or denial of service. (CVE-2017-15111) In keycloak-http-client-install prior to version 0.8, the admi...
Photon OS 1.0: Httpd PHSA-2019-1.0-0253
An update of the httpd package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-1.0-0253. The text itself is copyright (C) VMware, Inc. include("compat.inc"); if (description) { script_id(130109)...
Photon OS 3.0: Httpd PHSA-2019-3.0-0035
An update of the httpd package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-3.0-0035. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(130101);...
Security Bulletin: Vulnerability in IBM HTTP Server affects Netezza Performance Portal (CVE-2015-8743)
Summary: IBM HTTP Server is used by IBM Netezza Performance Portal. IBM Netezza Performance Portal has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2016-8743 DESCRIPTION: Apache HTTPD is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied...
Critical Photon OS Security Update - PHSA-2019-0035
Updates of 'unbound', 'python2', 'subversion', 'httpd', 'openjdk8', 'sudo' packages of Photon OS have been released...
Medium: httpd24
Issue Overview: A vulnerability was found in Apache httpd, in mod_http2. Under certain circumstances, HTTP/2 early pushes could lead to memory corruption, causing a server to crash. (CVE-2019-10081) A read-after-free vulnerability was discovered in Apache httpd, in mod_http2. A specially crafted http/...
Critical Photon OS Security Update - PHSA-2019-3.0-0035
Updates of 'sudo', 'unbound', 'httpd', 'python2', 'subversion', 'openjdk8' packages of Photon OS have been released...
nostromo nhttpd path traversal vulnerability
nostromo nhttpd is an open source web server. A path traversal vulnerability exists in the 'http_verify' function in nostromo nhttpd 1.9.6 and earlier. The vulnerability stems from a failure of a network system or product to properly filter special elements in the path of a resource or file. An...
PHSA-2019-1.0-0253
An update of 'httpd' packages of Photon OS has been released...
NewStart CGSL CORE 5.04 / MAIN 5.04 : httpd Multiple Vulnerabilities (NS-SA-2019-0202)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has httpd packages installed that are affected by multiple vulnerabilities: - A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/',...
NewStart CGSL CORE 5.04 / MAIN 5.04 : httpd Vulnerability (NS-SA-2019-0182)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has httpd packages installed that are affected by a vulnerability: - In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks was not correctly generated...
Critical Photon OS Security Update - PHSA-2019-0253
Updates of 'httpd' packages of Photon OS have been released...
Apache Httpd mod_proxy - Error Page Cross-Site Scripting
The trick is to use a vertical tab %09 and then place another URL in the tag. So once a victim clicks the link on the error page, she will go somewhere else. As you can see, the browser changes the destination from relative / to an absolute...
Apache Httpd mod_rewrite - Open Redirects
Normal URLs like http://redirect.local/test will be forwarded to https://redirect.local/test. But by using newlines (CVE-2019-10098), we can redirect somewhere else, i.e. to https://redirect.local.evilwebsite.com: curl -Ik...
Apache Httpd mod_rewrite - Open Redirects
Normal URLs like http://redirect.local/test will be forwarded to https://redirect.local/test. But by using newlines (CVE-2019-10098), we can redirect somewhere else, i.e. to https://redirect.local.evilwebsite.com: curl -Ik 'https://redirect.local/%0a.evilwebsite.com' --path-as-is HTTP/2 302 date: Mon...
Apache Httpd mod_proxy - Error Page Cross-Site Scripting
The trick is to use a vertical tab %09 and then place another URL in the tag. So once a victim clicks the link on the error page, she will go somewhere else. As you can see, the browser changes the destination from relative / to an absolute URL https://enoflag.de. The exploit is...
CVE-2017-7679
A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash...