142 matches found

Tenable Nessus
added 2021/10/13 12:0 a.m. | 63 views

CentOS 8 : httpd:2.4 (CESA-2021:3816)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:3816 advisory. - httpd: mod_session: Heap overflow via a crafted SessionHeader value CVE-2021-26691 - httpd: mod_proxy: SSRF via a crafted request uri-path containing...

9.8 CVSS | 7.6 AI score | 0.99999 EPSS
Exploits 5 | References 3
RedHat Linux
added 2021/10/12 4:30 p.m. | 105 views

Important: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8 CVSS | 7 AI score | 0.99999 EPSS
Exploits 5 | References 3
AlmaLinux
added 2021/10/12 3:53 p.m. | 70 views

Important: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:" CVE-2021-40438 httpd: mod_session: Heap overflow via a crafted SessionHeader value CVE-2021-26691 For more...

9.8 CVSS | 9.6 AI score | 0.99999 EPSS
Exploits 5 | References 3
OSV
added 2021/10/12 3:53 p.m. | 47 views

ALSA-2021:3816 Important: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:" CVE-2021-40438 httpd: mod_session: Heap overflow via a crafted SessionHeader value CVE-2021-26691 For more...

9.8 CVSS | 8.7 AI score | 0.99999 EPSS
Exploits 5 | References 3
OSV
added 2021/10/12 3:53 p.m. | 42 views

RLSA-2021:3816 Important: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:" CVE-2021-40438 httpd: mod_session: Heap overflow via a crafted SessionHeader value CVE-2021-26691 For more...

9 CVSS | 8.7 AI score | 0.99999 EPSS
Exploits 5 | References 3
Tenable Nessus
added 2021/09/27 12:0 a.m. | 48 views

EulerOS 2.0 SP9 : httpd (EulerOS-SA-2021-2553)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of...

9.8 CVSS | 7.3 AI score | 0.68067 EPSS
Exploits 0 | References 5
Tenable Nessus
added 2021/09/07 12:0 a.m. | 45 views

EulerOS 2.0 SP5 : httpd (EulerOS-SA-2021-2333)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of...

7.5 CVSS | 7 AI score | 0.65067 EPSS
Exploits 0 | References 3
Tenable Nessus
added 2021/08/09 12:0 a.m. | 48 views

EulerOS 2.0 SP8 : httpd (EulerOS-SA-2021-2298)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of...

7.5 CVSS | 7 AI score | 0.65067 EPSS
Exploits 0 | References 3
OPENSUSE Linux
added 2021/07/10 12:0 a.m. | 70 views

Security update for apache2 (important)

openSUSE Security Update: Security update for apache2 Announcement ID: openSUSE-SU-2021:2127-1 Rating: important References: 1186922 1186923 1186924 1187017 1187040 1187174 Cross-References: CVE-2020-13950 CVE-2020-35452 CVE-2021-26690 CVE-2021-26691 CVE-2021-30641 CVE-2021-31618 CVSS scores:...

8.1 CVSS | 8.5 AI score | 0.68067 EPSS
Exploits 0 | References 6
Tenable Nessus
added 2021/07/09 12:0 a.m. | 66 views

Debian DLA-2706-1 : apache2 - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2706 advisory. Several vulnerabilities have been found in the Apache HTTP server, which could result in denial of service. In addition the implementation of the MergeSlashes opti...

9.8 CVSS | 6.8 AI score | 0.68067 EPSS
Exploits 0 | References 17
OSV
added 2021/07/03 11:3 a.m. | 2 views

OESA-2021-1253 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service CVE-2021-26690...

7.5 CVSS | 6.8 AI score | 0.65067 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2021/06/28 12:0 a.m. | 53 views

openSUSE 15 Security Update : apache2 (openSUSE-SU-2021:0908-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:0908-1 advisory. - Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash NULL pointer dereference with specially crafted requests...

9.8 CVSS | 7.5 AI score | 0.68067 EPSS
Exploits 0 | References 19
Tenable Nessus
added 2021/06/25 12:0 a.m. | 66 views

FreeBSD : Apache httpd -- Multiple vulnerabilities (cce76eca-ca16-11eb-9b84-d4c9ef517024)

The Apache httpd reports : - moderate: mod_proxy_wstunnel tunneling of non Upgraded connections CVE-2019-17567 - moderate: Improper Handling of Insufficient Privileges CVE-2020-13938 - low: mod_proxy_http NULL pointer dereference CVE-2020-13950 - low: mod_auth_digest possible stack overflow by one nul...

9.8 CVSS | 7.2 AI score | 0.68067 EPSS
Exploits 0 | References 10
Tenable Nessus
added 2021/06/24 12:0 a.m. | 132 views

Amazon Linux 2 : httpd (ALAS-2021-1659)

The version of httpd installed on the remote host is prior to 2.4.48-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1659 advisory. A flaw was found in Apache httpd. The mod_proxy_wstunnel module tunnels non-upgraded connections. CVE-2019-17567 Apache HTTP...

9.8 CVSS | 7.3 AI score | 0.68067 EPSS
Exploits 0 | References 17
Ubuntu
added 2021/06/21 3:25 p.m. | 190 views

USN-4994-2: Apache HTTP Server vulnerabilities

USN-4994-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Antonio Morales discovered that the Apache mod_auth_digest module incorrectly handled certain Digest nonces. A remote attacker coul...

9.8 CVSS | 7.8 AI score | 0.68067 EPSS
Exploits 0
Ubuntu
added 2021/06/21 2:1 p.m. | 207 views

USN-4994-1: Apache HTTP Server vulnerabilities

Marc Stern discovered that the Apache mod_proxy_http module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. CVE-2020-13950...

9.8 CVSS | 7.7 AI score | 0.68067 EPSS
Exploits 0
Tenable Nessus
added 2021/06/21 12:0 a.m. | 67 views

SUSE SLES15 Security Update : apache2 (SUSE-SU-2021:2004-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2004-1 advisory. - In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An...

9.8 CVSS | 7 AI score | 0.82007 EPSS
Exploits 4 | References 21
Tenable Nessus
added 2021/06/21 12:0 a.m. | 53 views

SUSE SLED12 / SLES12 Security Update : apache2 (SUSE-SU-2021:2006-1)

The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2006-1 advisory. - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest...

9.8 CVSS | 7.4 AI score | 0.68067 EPSS
Exploits 0 | References 16
OSV
added 2021/06/16 8:22 p.m. | 23 views

MGASA-2021-0265 Updated apache packages fix security vulnerabilities

mod_proxy_wstunnel tunneling of non Upgraded connections: Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connecti...

9.8 CVSS | 6.9 AI score | 0.68067 EPSS
Exploits 0 | References 3
Veracode
added 2021/06/13 3:24 a.m. | 38 views

Denial Of Service(DoS)

Apache HTTP Server is vulnerable to denial of service. A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service...

7.5 CVSS | 1.1 AI score | 0.65067 EPSS
Exploits 0 | References 17 | Affected Software 19