Scientific Linux Security Update : httpd on SL7.x x86_64 (20190806)

Security Fixes : - httpd: modauthdigest: access control bypass due to race condition CVE-2019-0217 - httpd: URL normalization inconsistency CVE-2019-0220 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid128223;...

Scientific Linux Security Update : keycloak-httpd-client-install on SL7.x x86_64 (20190806)

Security Fixes : - keycloak-httpd-client-install: unsafe /tmp log file in --log-file option in keycloakcli.py CVE-2017-15111 - keycloak-httpd-client-install: unsafe use of -p/--admin-password on command line CVE-2017-15112 C Tenable Network Security, Inc. The descriptive text is C Scientific Linu...

[SECURITY] [DSA 4509-1] apache2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4509-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 26, 2019 https://www.debian.org/security/faq -...

Internet Bug Bounty: mod_http2, read-after-free in h2 connection shutdown (CVE-2019-10082)

Using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. This is made possible by a race condition in which nghttp2 maintains a reference to a stream after modhttp2 has destroyed it. This vulnerability has been fixed in...

Fedora Update for httpd FEDORA-2019-099575a123

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2019-10098

A vulnerability was discovered in Apache httpd, in modrewrite. Certain self-referential modrewrite rules could be fooled by encoded newlines, causing them to redirect to an unexpected location. An attacker could abuse this flaw in a phishing attack or as part of a client-side attack on browsers...

Internet Bug Bounty: mod_http2, memory corruption on early pushes (CVE-2019-10081)

HTTP/2 very early pushes, for example configured with H2PushResource, could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client. Scenarios where an attacker may be ab...

Apache 2.4.x < 2.4.41 Multiple Vulnerabilities

The version of Apache httpd installed on the remote host is prior to 2.4.41. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.41 advisory, including the following: - A limited cross-site scripting issue was reported affecting the modproxy error page. An attacker cou...

Node.js: Http response is not ended although underlying socket is already destroyed

Summary: When node server receives http request and hooks to end, finish and error events are attached on response object to handle cases when response is closed/ended but underlying socket is abruptly terminated then none of those events is fired. This leads to state when response seems to be...

keycloak-httpd-client-install security, bug fix, and enhancement update

0.8-1 - Resolves: rhbz1673716 - Rebase k-h-c-i to version 0.8 - The rebase also includes fixes for: - rhbz1533190 - CVE-2017-15111 keycloak-httpd-client-install: unsafe /tmp log file in --log-file option in keycloakcli.py - rhbz1533202 - CVE-2017-15112 keycloak-httpd-client-install: unsafe use of...

httpd security and bug fix update

2.4.6-90.0.1 - replace index.html with Oracles index page oracleindex.html Resolves: 1566317 - CVE-2018-1312 httpd: Weak Digest auth nonce generation in modauthdigest - Resolves: 1696141 - CVE-2019-0217 httpd: modauthdigest: access control bypass due to race condition - Resolves: 1696096 -...

Oracle Linux 8 : httpd:2.4 (ELSA-2019-0980)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-0980 advisory. - Resolves: 1695431 - CVE-2019-0211 httpd: privilege escalation from modules scripts - Resolves: 1696090 - CVE-2019-0215 httpd:2.4/httpd: modssl: acces...

RHEL 7 : httpd (RHSA-2019:2343)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2343 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modauthdigest:...

NewStart CGSL MAIN 4.05 : httpd Multiple Vulnerabilities (NS-SA-2019-0118)

The remote NewStart CGSL host, running version MAIN 4.05, has httpd packages installed that are affected by multiple vulnerabilities: - Off-by-one error in the modssl Certificate Revocation List CRL verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a...

RHEL 7 : httpd (RHSA-2019:1898)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1898 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Weak Digest auth nonce...

Scientific Linux Security Update : httpd on SL7.x x86_64 (20190729)

Security Fixes : - httpd: Weak Digest auth nonce generation in modauthdigest CVE-2018-1312 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid127725; scriptversion"1.4"; scriptsetattributeattribute:"pluginmodificationdate",...

CentOS 7 : httpd (CESA-2019:1898)

An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

Oracle Linux 7 : httpd (ELSA-2019-1898)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-1898 advisory. 2.4.6-89.0.1 - replace index.html with Oracle's index page oracleindex.html 2.4.6-89.1 - Resolves: 1719722 - CVE-2018-1312 httpd: Weak Digest auth nonce...

NewStart CGSL MAIN 4.05 : httpd Vulnerability (NS-SA-2019-0156)

The remote NewStart CGSL host, running version MAIN 4.05, has httpd packages installed that are affected by a vulnerability: - A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd, causing comments in the Allow and Deny configuration lines to be parsed incorrectly. A web...

RHEL 7 : keycloak-httpd-client-install (RHSA-2019:2137)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2137 advisory. The keycloak-httpd-client-install packages provide various libraries and tools that can automate and simplify the configuration of Apache...