455 matches found
CVE-2021-31618
CVE-2021-31618 affects the Apache httpd mod_http2 component. The issue is a NULL pointer dereference in the HTTP/2 header handling when size limits are violated, leading to denial of service by crashing the httpd worker process. Affected releases include mod_http2 1.15.17 and Apache httpd 2.4.47 ...
CVE-2021-31618
Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating...
CVE-2021-31618
Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating...
SUSE: Security Advisory (SUSE-SU-2019:0504-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[slackware-security] httpd
New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/httpd-2.4.48-i586-1slack14.2.txz: Upgraded. This release contains security fixes and improvements. modhttp2: Fix a potenti...
Apache 2.4.x < 2.4.48 Vulnerability
The version of Apache httpd installed on the remote host is prior to 2.4.48. It is, therefore, affected by a vulnerability as referenced in the 2.4.48 changelog. - modhttp2: Fix a potential NULL pointer dereference CVE-2021-31618 Note that Nessus has not tested for this issue but has instead reli...
RHEL 8 : httpd:2.4 (RHSA-2021:1809)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1809 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modsessioncookie...
CentOS 8 : httpd:2.4 (CESA-2021:1809)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:1809 advisory. - httpd: modsessioncookie does not respect expiry time CVE-2018-17199 - httpd: modproxyuwsgi buffer overflow CVE-2020-11984 - httpd: modhttp2 concurren...
Moderate: Red Hat Security Advisory: httpd:2.4 security, bug fix, and enhancement update
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
RLSA-2021:1809 Moderate: httpd:2.4 security, bug fix, and enhancement update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modsessioncookie does not respect expiry time CVE-2018-17199 httpd: modproxyuwsgi buffer overflow CVE-2020-11984 httpd: modhttp2 concurrent pool usage CVE-2020-11993 For mor...
httpd:2.4 security, bug fix, and enhancement update
An update is available for httpd, modhttp2, modmd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd packages provide the Apache HTTP Server, a powerful,...
Moderate: httpd:2.4 security, bug fix, and enhancement update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modsessioncookie does not respect expiry time CVE-2018-17199 httpd: modproxyuwsgi buffer overflow CVE-2020-11984 httpd: modhttp2 concurrent pool usage CVE-2020-11993 For mor...
ALSA-2021:1809 Moderate: httpd:2.4 security, bug fix, and enhancement update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modsessioncookie does not respect expiry time CVE-2018-17199 httpd: modproxyuwsgi buffer overflow CVE-2020-11984 httpd: modhttp2 concurrent pool usage CVE-2020-11993 For mor...
Apache Httpd < 2.4.48 : NULL pointer dereference on specially crafted HTTP/2 request
Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating...
SUSE: Security Advisory (SUSE-SU-2019:0498-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS 8 : httpd:2.4 (CESA-2020:4751)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4751 advisory. - httpd: modhttp2: DoS via slow, unneeded request bodies CVE-2018-17189 - httpd: modhttp2: read-after-free on a string compare CVE-2019-0196 - httpd:...
Amazon Linux 2 : httpd (ALAS-2020-1490)
The version of httpd installed on the remote host is prior to 2.4.46-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1490 advisory. Apache HTTP server 2.4.32 to 2.4.44 modproxyuwsgi info disclosure and possible RCE A flaw was found in Apache httpd in...
httpd:2.4 security, bug fix, and enhancement update
httpd 2.4.37-13.0.1 - Set vstring per ORACLESUPPORTPRODUCT Orabug: 29892262 - Replace index.html with Oracles index page oracleindex.html 2.4.37-30 - Resolves: 1209162 - support logging to journald from CustomLog 2.4.37-29 - Resolves: 1823263 CVE-2020-1934 - CVE-2020-1934 httpd: modproxyftp use o...
httpd: mod_http2: read-after-free on a string compare
A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly...
Moderate: Red Hat Security Advisory: httpd:2.4 security, bug fix, and enhancement update
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...