Lucene search
K

513 matches found

OSV
OSV
added 2024/07/23 12:0 a.m.43 views

ALSA-2024:4726 Important: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Improper escaping of output in modrewrite CVE-2024-38475 httpd: Substitution encoding issue in modrewrite CVE-2024-38474 httpd: null pointer dereference in modproxy...

9.8CVSS8AI score0.99957EPSS
Exploits2References12
Oracle linux
Oracle linux
added 2024/07/23 12:0 a.m.53 views

httpd security update

2.4.57-11.0.1 - Replace index.html with Oracle's index page oracleindex.html. 2.4.57-11 - Resolves: RHEL-45792 - httpd: Encoding problem in modproxy CVE-2024-38473 2.4.57-9 - Resolves: RHEL-45766 - httpd: null pointer dereference in modproxy CVE-2024-38477 - Resolves: RHEL-45749 - httpd: Potentia...

9.8CVSS7.3AI score0.99957EPSS
Exploits2
OpenVAS
OpenVAS
added 2024/07/23 12:0 a.m.44 views

SUSE: Security Advisory (SUSE-SU-2024:2591-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8AI score0.99957EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2024/07/23 12:0 a.m.48 views

RHEL 8 : httpd:2.4 (RHSA-2024:4719)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4719 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Substitution...

9.8CVSS8.2AI score0.99957EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2024/07/23 12:0 a.m.53 views

Oracle Linux 9 : httpd (ELSA-2024-4726)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4726 advisory. - Resolves: RHEL-45792 - httpd: Encoding problem in modproxy CVE-2024-38473 - Resolves: RHEL-45766 - httpd: null pointer dereference in modproxy...

9.8CVSS7.6AI score0.99957EPSS
Exploits2References6
Tenable Nessus
Tenable Nessus
added 2024/07/23 12:0 a.m.266 views

RHEL 8 : httpd:2.4 (RHSA-2024:4720)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4720 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Encoding problem...

9.8CVSS7.7AI score0.99957EPSS
Exploits2References12
Tenable Nessus
Tenable Nessus
added 2024/07/23 12:0 a.m.56 views

Oracle Linux 8 : httpd:2.4 (ELSA-2024-4720)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4720 advisory. - Resolves: RHEL-45812 - httpd:2.4/httpd: Substitution encoding issue in modrewrite CVE-2024-38474 - Resolves: RHEL-45785 - httpd:2.4/httpd: Encoding...

9.8CVSS7.6AI score0.99957EPSS
Exploits2References6
Tenable Nessus
Tenable Nessus
added 2024/07/23 12:0 a.m.33 views

SUSE SLES15: apache2 / apache2-devel / apache2-doc / apache2-prefork / etc (SUSE-SU-2024:2591-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2591-1 advisory. - CVE-2024-38475: Fixed improper escaping of output in modrewrite bsc1227268 - CVE-2024-38476: Fixed server may use...

9.8CVSS7.1AI score0.99957EPSS
Exploits1References7
AlmaLinux
AlmaLinux
added 2024/07/23 12:0 a.m.64 views

Important: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Improper escaping of output in modrewrite CVE-2024-38475 httpd: Substitution encoding issue in modrewrite CVE-2024-38474 httpd: null pointer dereference in modproxy...

9.8CVSS7.3AI score0.99957EPSS
Exploits2References12
AlmaLinux
AlmaLinux
added 2024/07/23 12:0 a.m.56 views

Important: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Encoding problem in modproxy CVE-2024-38473 httpd: Substitution encoding issue in modrewrite CVE-2024-38474 httpd: Improper escaping of output in modrewrite CVE-2024-38475...

9.8CVSS9.3AI score0.99957EPSS
Exploits2References12
RedhatCVE
RedhatCVE
added 2024/07/22 5:37 p.m.50 views

CVE-2024-40898

A flaw was found in HTTPd on Windows systems. This issue potentially allows NTLM hashes to be leaked via modrewrite in server/vhost context to a malicious server via Server-side request forgery SSRF and malicious requests or content. Mitigation Mitigation for this issue is either not available or...

7.5CVSS8.9AI score0.01536EPSS
Exploits5References4
OSV
OSV
added 2024/07/22 12:41 p.m.33 views

SUSE-SU-2024:2591-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2024-38475: Fixed improper escaping of output in modrewrite bsc1227268 - CVE-2024-38476: Fixed server may use exploitable/malicious backend application output to run local handlers via internal redirect bsc1227269...

9.8CVSS8.7AI score0.99957EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2024/07/22 12:0 a.m.117 views

Apache 2.4.x < 2.4.62 Multiple Vulnerabilities

According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.62. It is, therefore, affected by multiple vulnerabilities: - A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration o...

9.1CVSS7AI score0.04134EPSS
Exploits5References4
Amazon
Amazon
added 2024/07/22 12:0 a.m.41 views

Important: httpd

Issue Overview: Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

9.8CVSS7.5AI score0.99957EPSS
Exploits2
OpenVAS
OpenVAS
added 2024/07/22 12:0 a.m.44 views

Mageia: Security Advisory (MGASA-2024-0272)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS7.7AI score0.04134EPSS
Exploits5References4
OSV
OSV
added 2024/07/20 9:22 p.m.54 views

MGASA-2024-0272 Updated apache packages fix security vulnerabilities

CVE-2024-40898: Apache HTTP Server: SSRF with modrewrite in server/vhost context on Windows cve.mitre.org SSRF in Apache HTTP Server on Windows with modrewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. CVE-2024-40725:...

9.1CVSS6.8AI score0.04134EPSS
Exploits5References3
Mageia
Mageia
added 2024/07/20 9:22 p.m.69 views

Updated apache packages fix security vulnerabilities

CVE-2024-40898: Apache HTTP Server: SSRF with modrewrite in server/vhost context on Windows cve.mitre.org SSRF in Apache HTTP Server on Windows with modrewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. CVE-2024-40725:...

9.1CVSS7.1AI score0.04134EPSS
Exploits5References2
OSV
OSV
added 2024/07/19 11:8 a.m.7 views

OESA-2024-1852 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Substitution encoding issue in modrewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or...

9.8CVSS7AI score0.03153EPSS
Exploits0References3
Hacker One
Hacker One
added 2024/07/19 3:2 a.m.69 views

Internet Bug Bounty: important: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows (CVE-2024-40898)

important: Apache HTTP Server: SSRF with modrewrite in server/vhost context on Windows CVE-2024-40898 A vulnerability was reported in the Apache HTTP Server that allowed Server-Side Request Forgery SSRF in the server/vhost context on Windows systems with modrewrite enabled. This vulnerability was...

9.1CVSS7.4AI score0.01536EPSS
Exploits5
NVD
NVD
added 2024/07/18 10:15 a.m.113 views

CVE-2024-40898

SSRF in Apache HTTP Server on Windows with modrewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue...

9.1CVSS0.01536EPSS
Exploits5References3
Rows per page
Query Builder