F5 Networks BIG-IP : Apache HTTPD vulnerability (K000140784)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000140784 advisory. null pointer dereference in modproxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server v...

SUSE SLES12 Security Update : apache2 (SUSE-SU-2024:2999-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2999-1 advisory. - CVE-2024-38474: Fixed substitution encoding issue in modrewrite bsc1227278 - CVE-2024-38473: Fixed encoding problem in modproxy...

SUSE: Security Advisory (SUSE-SU-2024:2999-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CLSA-2024-1724351412 httpd: Fix of 9 CVEs

CVE-2024-38474: modrewrite: server weakness with encoded question marks in backreferences - CVE-2024-38475: modrewrite: server weakness in modrewrite when first segment of substitution matches filesystem path - CVE-2024-38477: modproxy: crash resulting in Denial of Service in modproxy via a...

CLSA-2024-1724351166 httpd: Fix of 9 CVEs

CVE-2024-38474: modrewrite: server weakness with encoded question marks in backreferences - CVE-2024-38475: modrewrite: server weakness in modrewrite when first segment of substitution matches filesystem path - CVE-2024-38477: modproxy: crash resulting in Denial of Service in modproxy via a...

SUSE-SU-2024:2999-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2024-38474: Fixed substitution encoding issue in modrewrite bsc1227278 - CVE-2024-38473: Fixed encoding problem in modproxy bsc1227276...

SUSE SLES15 Security Update : apache2 (SUSE-SU-2024:2997-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2997-1 advisory. - CVE-2024-38474: Fixed substitution encoding issue in modrewrite bsc1227278 - CVE-2024-38473: Fixed encoding problem in modproxy...

SUSE: Security Advisory (SUSE-SU-2024:2997-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2024:2997-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2024-38474: Fixed substitution encoding issue in modrewrite bsc1227278 - CVE-2024-38473: Fixed encoding problem in modproxy bsc1227276...

F5 Networks BIG-IP : Apache HTTP server vulnerability (K000140693)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000140693 advisory. Potential SSRF in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules ...

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP5 security update

Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 5 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Moderate: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

RHEL 9 : httpd (RHSA-2024:5001)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:5001 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Encoding problem...

K000140581: Apache mod_proxy vulnerability CVE-2024-36387

Security Advisory Description Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance. CVE-2024-36387 Impact There is no impact; F5 products are not affected by this vulnerability...

Important: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

SUSE: Security Advisory (SUSE-SU-2024:2624-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 7 : httpd (RHSA-2024:4938)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4938 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Substitution...

SUSE-SU-2024:2624-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2024-38475: Fixed improper escaping of output in modrewrite bsc1227268 - CVE-2024-38476: Fixed server may use exploitable/malicious backend application output to run local handlers via internal redirect bsc1227269 - CVE-2024-38477: Fixed...

CLSA-2024-1722003981 httpd: Fix of 5 CVEs

CVE-2024-38474: modrewrite: server weakness with encoded question marks in backreferences - CVE-2024-38475: modrewrite: server weakness in modrewrite when first segment of substitution matches filesystem path - CVE-2024-38477: modproxy: crash resulting in Denial of Service in modproxy via a...

RLSA-2024:4726 Important: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Improper escaping of output in modrewrite CVE-2024-38475 httpd: Substitution encoding issue in modrewrite CVE-2024-38474 httpd: null pointer dereference in modproxy...