9 matches found
BIT-APACHE-2021-44790 Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier
A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier...
Rocky Linux 8 : httpd:2.4 (RLSA-2022:0258)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:0258 advisory. - A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-1349)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP5 : httpd (EulerOS-SA-2022-1326)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd...
EulerOS 2.0 SP9 : httpd (EulerOS-SA-2022-1290)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A crafted URI sent to httpd configured as a forward proxy ProxyRequests on can cause a crash NULL pointer dereference or, for configurations mixi...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-1306)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 7 : httpd (ELSA-2022-0143)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-0143 advisory. - modsession: save one aprstrtok Orabug: 33338149CVE-2021-26690 - Resolves: 2031072 - CVE-2021-34798 httpd: NULL pointer dereference via malformed...
SUSE SLES12: apache2 / apache2-doc / apache2-example-pages / apache2-prefork / etc (SUSE-SU-2022:0065-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0065-1 advisory. - CVE-2021-44224: Fixed NULL dereference or SSRF in forward proxy configurations. bsc1193943 - CVE-2021-44790: Fixed buffer overflo...
CLSA-2021-1640697114 Fix CVE(s): CVE-2021-44224, CVE-2021-44970
SECURITY UPDATE: buffer overflow in the modlua multipart parser - debian/patches/CVE-2021-44970.patch: add test to prevent integer overflow in reqparsebody - CVE-2021-44970 SECURITY UPDATE: null pointer dereference in reverse proxy module - debian/patches/CVE-2021-44224.patch: add tests for retur...