633 matches found
SUSE CVE-2005-1268
Off-by-one error in the modssl Certificate Revocation List CRL verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service child process crash via a CRL that causes a buffer overflow of one null byte...
SUSE CVE-2019-0190
A bug exists in the way modssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause modssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or...
SUSE CVE-2019-0215
In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in modssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions...
Slackware: Security Advisory (SSA:2005-251-03)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update
CentOS Errata and Security Advisory CESA-2022:1045 An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update
CentOS Errata and Security Advisory CESA-2022:0143 An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2021-2915)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Apache mod_ssl Detection (HTTP)
HTTP based detection of Apache modssl. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute i...
CentOS 8 : httpd:2.4 (CESA-2019:0980)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:0980 advisory. - httpd: privilege escalation from modules scripts CVE-2019-0211 - httpd: modssl: access control bypass when using per-location client certification...
Escalation Of Privilege
In Apache HTTP Server 2.4 is vulnerable to escalation of privilege. The vulnerability exist because of a bug in modssl that uses per-location client certificate verification which allows a client to bypass configured access control restrictions...
RHEL 8 : httpd:2.4 (RHSA-2020:3734)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3734 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Push diary crash on...
Low: httpd24
Issue Overview: In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with modrewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.CVE-2020-1927 In Apache HTTP Server 2.4.0 to 2.4.41,...
Scientific Linux Security Update : httpd on SL7.x x86_64 (20200407)
httpd: modsessioncookie does not respect expiry time httpd: Out of bounds write in modauthnzldap when using too small Accept-Language values httpd: Out of bounds access after failure in reading the HTTP request C Tenable Network Security, Inc. The descriptive text is C Scientific Linux...
Man-in-the-Middle (MitM)
httpd is vulnerable to man-in-the-middle MitM. The vulnerability exists as a flaw was found in the way the TLS/SSL Transport Layer Security/Secure Sockets Layer protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's...
Denial Of Service (DoS)
httpd is vulnerable to denial of service DoS. The vulnerability exists as a flaw was found in the handling of compression structures between modssl and OpenSSL. If too many connections were opened in a short period of time, all system memory and swap space would be consumed by httpd, negatively...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-1294)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-1389)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2017-1177)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-1137)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: CVE-2017-3167, CVE-2017-3169, CVE-2017-7659, CVE-2017-7668 and CVE-2017-7679 in IBM i HTTP Server
Summary HTTP Server is supported by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-7679 DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by a buffer overread in modmime. By sending a specially crafted Content-Ty...