Linux Distros Unpatched Vulnerability : CVE-2025-59775
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM...
BIT-APACHE-2021-30641 Unexpected URL matching with 'MergeSlashes OFF'
Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'...
SUSE CVE-2021-30641
Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'...
EulerOS Virtualization 3.0.6.0 : httpd (EulerOS-SA-2022-1069)
According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is...
EulerOS Virtualization 2.9.1 : httpd (EulerOS-SA-2021-2746)
According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is...
httpd: Unexpected URL matching with 'MergeSlashes OFF'
A flaw was found in Apache httpd. A possible regression from an earlier security fix broke behavior of MergeSlashes. The highest threat from this vulnerability is to data integrity...
httpd: Unexpected URL matching with 'MergeSlashes OFF'
A flaw was found in Apache httpd. A possible regression from an earlier security fix broke behavior of MergeSlashes. The highest threat from this vulnerability is to data integrity...
Moderate: httpd:2.4 security, bug fix, and enhancement update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_session: NULL pointer dereference when parsing Cookie header (CVE-2021-26690) httpd: Unexpected URL matching with 'MergeSlashes OFF' (CVE-2021-30641) For more details about t...
EulerOS 2.0 SP9 : httpd (EulerOS-SA-2021-2553)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of...
EulerOS 2.0 SP8 : httpd (EulerOS-SA-2021-2463)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow...
Debian: Security Advisory (DSA-4937-1)
The remote host is missing an update for the Debian...
[SECURITY] [DSA 4937-1] apache2 security update
Debian Security Advisory DSA-4937-1 https://www.debian.org/security/ Moritz Muehlenhoff July 08, 2021 https://www.debian.org/security/faq -...
openSUSE 15 Security Update : apache2 (openSUSE-SU-2021:0908-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:0908-1 advisory. - Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests...
FreeBSD : Apache httpd -- Multiple vulnerabilities (cce76eca-ca16-11eb-9b84-d4c9ef517024)
The Apache httpd reports: - moderate: mod_proxy_wstunnel tunneling of non Upgraded connections (CVE-2019-17567) - moderate: Improper Handling of Insufficient Privileges (CVE-2020-13938) - low: mod_proxy_http NULL pointer dereference (CVE-2020-13950) - low: mod_auth_digest possible stack overflow by one nul...
USN-4994-2: Apache HTTP Server vulnerabilities
USN-4994-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Antonio Morales discovered that the Apache mod_auth_digest module incorrectly handled certain Digest nonces. A remote attacker coul...
SUSE-SU-2021:14749-1 Security update for apache2
This update for apache2 fixes the following issues: - fixed CVE-2021-30641 bsc1187174: MergeSlashes regression - fixed CVE-2020-35452 bsc1186922: Single zero byte stack overflow in mod_auth_digest...
Important: httpd
Issue Overview: A flaw was found in Apache httpd. The mod_proxy_wstunnel module tunnels non-upgraded connections. (CVE-2019-17567) Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows (CVE-2020-13938) A flaw was found in Apache httpd. The mod_proxy has a NULL...
Denial Of Service(DoS)
Apache HTTP Server is vulnerable to denial of service due to an unexpected matching behavior with 'MergeSlashes OFF'...
CVE-2021-30641
Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'...
Code injection
Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'...