Lucene search

14 matches found

OpenVAS
added 2021/04/19 12:0 a.m. | 34 views

SUSE: Security Advisory (SUSE-SU-2017:0801-1)

The remote host is missing an update for the...

7.5 CVSS | 6.8 AI score | 0.4168 EPSS
Exploits 4 | References 7
RedHat Linux
added 2017/07/11 6:45 p.m. | 152 views

Moderate: Red Hat Security Advisory: httpd security and bug fix update

An update for httpd is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

7.5 CVSS | 6.5 AI score | 0.0978 EPSS
Exploits 0 | References 4
0day.today
added 2017/05/17 12:0 a.m. | 208 views

WordPress PHPMailer Host Header Command Injection Exploit

This Metasploit module exploits a command injection vulnerability in WordPress version 4.6 with Exim as an MTA via a spoofed Host header to PHPMailer, a mail-sending library that is bundled with WordPress. A valid WordPress username is required to exploit the vulnerability. Additionally, due to t...

7.5 CVSS | 9.7 AI score | 0.94418 EPSS
Exploits 58
Packet Storm
added 2017/05/17 12:0 a.m. | 177 views

WordPress PHPMailer Host Header Command Injection

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress PHPMailer Host Header Command Injection', 'Description' = %q This module exploits a command injection vulnerability in WordPress version...

7.5 CVSS | 0.3 AI score | 0.94418 EPSS
Exploits 58
Metasploit
added 2017/05/10 8:17 p.m. | 163 views

WordPress PHPMailer Host Header Command Injection

This module exploits a command injection vulnerability in WordPress version 4.6 with Exim as an MTA via a spoofed Host header to PHPMailer, a mail-sending library that is bundled with WordPress. A valid WordPress username is required to exploit the vulnerability. Additionally, due to the altered...

9.8 CVSS | 9.7 AI score | 0.94418 EPSS
Exploits 58
Tenable Nessus
added 2017/05/10 12:0 a.m. | 129 views

Ubuntu 14.04 LTS / 16.04 LTS : Apache HTTP Server vulnerabilities (USN-3279-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3279-1 advisory. It was discovered that the Apache mod_session_crypto module was encrypting data and cookies using either CBC or ECB modes. A remote attacker...

7.5 CVSS | 6.3 AI score | 0.4168 EPSS
Exploits 4 | References 4
Tenable Nessus
added 2017/04/03 12:0 a.m. | 330 views

openSUSE Security Update : apache2 (openSUSE-2017-417)

This update for apache2 provides the following fixes: Security issues fixed: - CVE-2016-0736: Protect mod_session_crypto data with a MAC to prevent padding oracle attacks (bsc#1016712). - CVE-2016-2161: Malicious input to mod_auth_digest could have caused the server to crash, resulting in DoS...

7.5 CVSS | 6.3 AI score | 0.4168 EPSS
Exploits 4 | References 7
Tenable Nessus
added 2017/04/03 12:0 a.m. | 63 views

openSUSE Security Update : apache2 (openSUSE-2017-416)

This update for apache2 fixes the following security issues: Security issues fixed: - CVE-2016-0736: Protect mod_session_crypto data with a MAC to prevent padding oracle attacks (bsc#1016712). - CVE-2016-2161: Malicious input to mod_auth_digest could have caused the server to crash, resulting in DoS...

7.5 CVSS | 6.3 AI score | 0.4168 EPSS
Exploits 4 | References 7
Tenable Nessus
added 2017/03/23 12:0 a.m. | 63 views

SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:0797-1)

This update for apache2 fixes the following security issues: Security issues fixed: - CVE-2016-0736: Protect mod_session_crypto data with a MAC to prevent padding oracle attacks (bsc#1016712). - CVE-2016-2161: Malicious input to mod_auth_digest could have caused the server to crash, resulting in DoS...

7.5 CVSS | 6.4 AI score | 0.4168 EPSS
Exploits 4 | References 11
Tenable Nessus
added 2017/03/23 12:0 a.m. | 75 views

SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:0801-1)

This update for apache2 provides the following fixes: Security issues fixed: - CVE-2016-0736: Protect mod_session_crypto data with a MAC to prevent padding oracle attacks (bsc#1016712). - CVE-2016-2161: Malicious input to mod_auth_digest could have caused the server to crash, resulting in DoS (bsc#101671...

7.5 CVSS | 6.3 AI score | 0.4168 EPSS
Exploits 4 | References 11
Tenable Nessus
added 2017/03/20 12:0 a.m. | 70 views

SUSE SLES11 Security Update : apache2 (SUSE-SU-2017:0729-1)

This update for apache2 fixes the following issues: Security issues fixed: - CVE-2016-2161: Malicious input to mod_auth_digest could have caused the server to crash, resulting in DoS (bsc#1016714). - CVE-2016-8743: Added new directive 'HttpProtocolOptions Strict' to avoid proxy chain misinterpretatio...

7.5 CVSS | 6.3 AI score | 0.25822 EPSS
Exploits 0 | References 7
OSV
added 2017/03/17 1:58 p.m. | 16 views

SUSE-SU-2017:0729-1 Security update for apache2

This update for apache2 fixes the following issues: Security issues fixed: - CVE-2016-2161: Malicious input to mod_auth_digest could have caused the server to crash, resulting in DoS (bsc#1016714). - CVE-2016-8743: Added new directive 'HttpProtocolOptions Strict' to avoid proxy chain misinterpretation...

7.5 CVSS | 7.6 AI score | 0.25822 EPSS
Exploits 0 | References 5
Apache Httpd
added 2016/02/10 12:0 a.m. | 90 views

Apache Httpd < 2.2.32 : Apache HTTP Request Parsing Whitespace Defects

Apache HTTP Server, prior to release 2.4.25 and 2.2.32, accepted a broad pattern of unusual whitespace patterns from the user-agent, including bare CR, FF, VTAB in parsing the request line and request header lines, as well as HTAB in parsing the request line. Any bare CR present in request lines...

7.5 CVSS | 7.7 AI score | 0.0978 EPSS
Exploits 0 | Affected Software 1
Apache Httpd
added 2016/02/10 12:0 a.m. | 187 views

Apache Httpd < 2.4.25 : Apache HTTP Request Parsing Whitespace Defects

Apache HTTP Server, prior to release 2.4.25 and 2.2.32, accepted a broad pattern of unusual whitespace patterns from the user-agent, including bare CR, FF, VTAB in parsing the request line and request header lines, as well as HTAB in parsing the request line. Any bare CR present in request lines...

7.5 CVSS | 7.7 AI score | 0.0978 EPSS
Exploits 0 | Affected Software 1