513 matches found
ALSA-2024:4726 Important: httpd security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Improper escaping of output in modrewrite CVE-2024-38475 httpd: Substitution encoding issue in modrewrite CVE-2024-38474 httpd: null pointer dereference in modproxy...
httpd security update
2.4.57-11.0.1 - Replace index.html with Oracle's index page oracleindex.html. 2.4.57-11 - Resolves: RHEL-45792 - httpd: Encoding problem in modproxy CVE-2024-38473 2.4.57-9 - Resolves: RHEL-45766 - httpd: null pointer dereference in modproxy CVE-2024-38477 - Resolves: RHEL-45749 - httpd: Potentia...
SUSE: Security Advisory (SUSE-SU-2024:2591-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 8 : httpd:2.4 (RHSA-2024:4719)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4719 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Substitution...
Oracle Linux 9 : httpd (ELSA-2024-4726)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4726 advisory. - Resolves: RHEL-45792 - httpd: Encoding problem in modproxy CVE-2024-38473 - Resolves: RHEL-45766 - httpd: null pointer dereference in modproxy...
RHEL 8 : httpd:2.4 (RHSA-2024:4720)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4720 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Encoding problem...
Oracle Linux 8 : httpd:2.4 (ELSA-2024-4720)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4720 advisory. - Resolves: RHEL-45812 - httpd:2.4/httpd: Substitution encoding issue in modrewrite CVE-2024-38474 - Resolves: RHEL-45785 - httpd:2.4/httpd: Encoding...
SUSE SLES15: apache2 / apache2-devel / apache2-doc / apache2-prefork / etc (SUSE-SU-2024:2591-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2591-1 advisory. - CVE-2024-38475: Fixed improper escaping of output in modrewrite bsc1227268 - CVE-2024-38476: Fixed server may use...
Important: httpd security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Improper escaping of output in modrewrite CVE-2024-38475 httpd: Substitution encoding issue in modrewrite CVE-2024-38474 httpd: null pointer dereference in modproxy...
Important: httpd:2.4 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Encoding problem in modproxy CVE-2024-38473 httpd: Substitution encoding issue in modrewrite CVE-2024-38474 httpd: Improper escaping of output in modrewrite CVE-2024-38475...
CVE-2024-40898
A flaw was found in HTTPd on Windows systems. This issue potentially allows NTLM hashes to be leaked via modrewrite in server/vhost context to a malicious server via Server-side request forgery SSRF and malicious requests or content. Mitigation Mitigation for this issue is either not available or...
SUSE-SU-2024:2591-1 Security update for apache2
This update for apache2 fixes the following issues: - CVE-2024-38475: Fixed improper escaping of output in modrewrite bsc1227268 - CVE-2024-38476: Fixed server may use exploitable/malicious backend application output to run local handlers via internal redirect bsc1227269...
Apache 2.4.x < 2.4.62 Multiple Vulnerabilities
According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.62. It is, therefore, affected by multiple vulnerabilities: - A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration o...
Important: httpd
Issue Overview: Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
Mageia: Security Advisory (MGASA-2024-0272)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2024-0272 Updated apache packages fix security vulnerabilities
CVE-2024-40898: Apache HTTP Server: SSRF with modrewrite in server/vhost context on Windows cve.mitre.org SSRF in Apache HTTP Server on Windows with modrewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. CVE-2024-40725:...
Updated apache packages fix security vulnerabilities
CVE-2024-40898: Apache HTTP Server: SSRF with modrewrite in server/vhost context on Windows cve.mitre.org SSRF in Apache HTTP Server on Windows with modrewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. CVE-2024-40725:...
OESA-2024-1852 httpd security update
Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Substitution encoding issue in modrewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or...
Internet Bug Bounty: important: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows (CVE-2024-40898)
important: Apache HTTP Server: SSRF with modrewrite in server/vhost context on Windows CVE-2024-40898 A vulnerability was reported in the Apache HTTP Server that allowed Server-Side Request Forgery SSRF in the server/vhost context on Windows systems with modrewrite enabled. This vulnerability was...
CVE-2024-40898
SSRF in Apache HTTP Server on Windows with modrewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue...