httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications

It has been discovered that the modsession module of Apache HTTP Server httpd, through version 2.4.29, has an improper input validation flaw in the way it handles HTTP session headers in some configurations. A remote attacker may influence their content by using a "Session" header...

Moderate: Red Hat Security Advisory: httpd security, bug fix, and enhancement update

An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

RHEL 7 : httpd (RHSA-2020:3958)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3958 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Improper handlin...

RHEL 8 : httpd:2.4 (RHSA-2020:3734)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3734 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Push diary crash on...

Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect Rational Build Forge (CVE-2018-1283, CVE-2018-1302, CVE-2018-1303, CVE-2018-1312, CVE-2017-15710, CVE-2017-15715, CVE-2018-1301)

Summary There are multiple vulnerabilities in Apache HTTP Server affecting IBM Rational Build Forge. Vulnerability Details CVEID: CVE-2018-1283 DESCRIPTION: Apache HTTPD could allow a remote attacker to bypass security restrictions, caused by an error when modsession is configured with SessionEnv...

EulerOS Virtualization for ARM 64 3.0.6.0 : httpd (EulerOS-SA-2020-1359)

According to the versions of the httpd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In Apache HTTP Server 2.4 release 2.4.37 and prior, modsession checks the session expiry time before decoding the...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-1271)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-1294)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-1137)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-2593)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP2 : httpd (EulerOS-SA-2019-2402)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Possible CRLF injection allowing HTTP response splitting attacks for sites which use moduserdir. This issue was mitigated by changes made in 2.4....

httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update

CentOS Errata and Security Advisory CESA-2019:1898 An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...

EulerOS Virtualization for ARM 64 3.0.1.0 : httpd (EulerOS-SA-2019-1389)

According to the versions of the httpd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In Apache HTTP Server 2.4 release 2.4.37 and prior, modsession checks the session expiry time before decoding the...

EulerOS 2.0 SP3 : httpd (EulerOS-SA-2019-1294)

According to the version of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Apache HTTP Server 2.4 release 2.4.37 and prior, modsession checks the session expiry time before decoding the session. This causes session expir...

EulerOS Virtualization 2.5.3 : httpd (EulerOS-SA-2019-1271)

According to the version of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - In Apache HTTP Server 2.4 release 2.4.37 and prior, modsession checks the session expiry time before decoding the session. This cause...

EulerOS 2.0 SP5 : httpd (EulerOS-SA-2019-1137)

According to the version of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Apache HTTP Server 2.4 release 2.4.37 and prior, modsession checks the session expiry time before decoding the session. This causes session expir...

MGASA-2019-0109 Updated apache packages fix security vulnerability

By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 modhttp2 connections in Apache HTTP Server versions 2.4.37 and prior CVE-2018-17189. In Apache HTTP Serv...

Amazon Linux AMI : httpd24 (ALAS-2019-1166)

In Apache HTTP server by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 modhttp2 connections. CVE-2018-17189 A bug exists in the way modssl handled client...

Important: httpd24

Issue Overview: In Apache HTTP server by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 modhttp2 connections. CVE-2018-17189 A bug exists in the way modss...

Security Bulletin: Vulnerabilities CVE-2018-17199, CVE-2018-17189, and CVE-2019-0190 in the IBM i HTTP Server affect IBM i.

Summary HTTP Server is supported by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-0190 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by the improper handling of client negotiations by modssl. By sending a specially crafted...