MiracleLinux 3 : httpd-2.2.3-22.2.1AXS3 (AXSA:2009-77:02)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2009-77:02 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. Fixed bugs: CVE-2009-1890 The streamreqbodycl function in modproxyhttp.c i...

Security Bulletin: Vulnerabilities in httpd library (CVE-2024-47252, CVE-2025-23048, CVE-2025-49630) affect Power HMC.

Summary The httpd library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-47252 DESCRIPTION: Insufficient escaping of user-supplied data in modssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS...

EUVD-2008-2360

Malware in sbrugna...

Advisory ROSA-SA-2023-2159

Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: 2.4.37 CVE-ID: CVE-2006-20001 BDU-ID: 2023-01105 CVE-Crit: HIGH CVE-DESC: A vulnerability in the moddav module of the Apache HTTP Server web server is related to an operation exceeding buffer boundaries. Exploitation of the...

K17202: Apache HTTP server vulnerability CVE-2012-3502

Security Advisory Description The proxy functionality in 1 modproxyajp.c in the modproxyajp module and 2 modproxyhttp.c in the modproxyhttp module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remot...

SUSE CVE-2008-2364

The approxyhttpprocessresponse function in modproxyhttp.c in the modproxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service memory consumption via a large number of interim...

SUSE CVE-2020-13950

Apache HTTP Server versions 2.4.41 to 2.4.46 modproxyhttp can be made to crash NULL pointer dereference with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service...

Security Bulletin: Vulnerability in Apache HTTP (CVE-2020-13950) affects Power HMC

Summary Apache HTTP webserver is used by IBM Power Hardware Management Console HMC for accepting https request and transfer to and fro to internal applications. This bulletin provides a remediation for the impacted vulnerability, CVE-2020-13950 by upgrading IBM Power Hardware Management Console H...

CVE-2009-1890

...

Apache HTTP Server Information Disclosure Vulnerability (Aug 2012) - Linux

Apache HTTP Server is prone to an information disclosure vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

Amazon Linux AMI : httpd24 (ALAS-2021-1514)

The version of httpd24 installed on the remote host is prior to 2.4.48-1.92. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1514 advisory. A flaw was found in Apache httpd. The modproxywstunnel module tunnels non-upgraded connections. CVE-2019-17567 A flaw w...

openSUSE 15 Security Update : apache2 (openSUSE-SU-2021:0908-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:0908-1 advisory. - Apache HTTP Server versions 2.4.41 to 2.4.46 modproxyhttp can be made to crash NULL pointer dereference with specially crafted requests...

FreeBSD : Apache httpd -- Multiple vulnerabilities (cce76eca-ca16-11eb-9b84-d4c9ef517024)

The Apache httpd reports : - moderate: modproxywstunnel tunneling of non Upgraded connections CVE-2019-17567 - moderate: Improper Handling of Insufficient Privileges CVE-2020-13938 - low: modproxyhttp NULL pointer dereference CVE-2020-13950 - low: modauthdigest possible stack overflow by one nul...

Amazon Linux 2 : httpd (ALAS-2021-1659)

The version of httpd installed on the remote host is prior to 2.4.48-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1659 advisory. A flaw was found in Apache httpd. The modproxywstunnel module tunnels non-upgraded connections. CVE-2019-17567 Apache HTTP...

USN-4994-1: Apache HTTP Server vulnerabilities

Marc Stern discovered that the Apache modproxyhttp module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. CVE-2020-13950...

MGASA-2021-0265 Updated apache packages fix security vulnerabilities

modproxywstunnel tunneling of non Upgraded connections: Apache HTTP Server versions 2.4.6 to 2.4.46 modproxywstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connecti...

Denial Of Service (DoS)

Apache HTTP Server is vulnerable to denial of service. The modproxyhttp can be made to crash via a NULL pointer dereference via malicious requests using both Content-Length and Transfer-Encoding headers...

CVE-2020-13950

Apache HTTP Server versions 2.4.41 to 2.4.46 modproxyhttp can be made to crash NULL pointer dereference with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service...

AZL-6474 CVE-2020-13950 affecting package httpd for versions less than 2.4.46-10

Apache HTTP Server versions 2.4.41 to 2.4.46 modproxyhttp can be made to crash NULL pointer dereference with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service...

CVE-2020-13950

Apache HTTP Server versions 2.4.41 to 2.4.46 modproxyhttp can be made to crash NULL pointer dereference with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service...