Lucene search

633 matches found

SUSE CVE
added 2023/02/15 6:18 a.m. | 2 views

SUSE CVE-2005-1268

Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte...

CVSS 5 | AI score 7.2 | EPSS 0.08388
Exploits 0 | References 9
SUSE CVE
added 2023/02/15 4:19 a.m. | 4 views

SUSE CVE-2019-0190

A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or...

CVSS 7.5 | AI score 8.7 | EPSS 0.59942
Exploits 0 | References 3
SUSE CVE
added 2023/02/15 4:19 a.m. | 2 views

SUSE CVE-2019-0215

In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions...

CVSS 7.5 | AI score 8.8 | EPSS 0.10508
Exploits 0 | References 4
OpenVAS
added 2022/04/21 12:0 a.m. | 20 views

Slackware: Security Advisory (SSA:2005-251-03)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 8.1 | EPSS 0.30576
Exploits 0 | References 3
Cent OS
added 2022/03/29 1:35 p.m. | 917 views

httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update

CentOS Errata and Security Advisory CESA-2022:1045 An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 9.8 | AI score 7.4 | EPSS 0.28189
Exploits 0 | References 7
Cent OS
added 2022/01/25 5:31 p.m. | 702 views

httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update

CentOS Errata and Security Advisory CESA-2022:0143 An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 9.8 | AI score 7.4 | EPSS 0.97108
Exploits 4 | References 7
OpenVAS
added 2021/12/31 12:0 a.m. | 34 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2021-2915)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 9.2 | EPSS 0.99999
Exploits 5 | References 4
OpenVAS
added 2021/07/19 12:0 a.m. | 20 views

Apache mod_ssl Detection (HTTP)

HTTP based detection of Apache mod_ssl. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute i...

AI score 7.4
Exploits 0 | References 1
Tenable Nessus
added 2021/01/29 12:0 a.m. | 55 views

CentOS 8 : httpd:2.4 (CESA-2019:0980)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:0980 advisory. - httpd: privilege escalation from modules scripts (CVE-2019-0211) - httpd: mod_ssl: access control bypass when using per-location client certification...

CVSS 7.8 | AI score 7 | EPSS 0.65005
Exploits 8 | References 3
Veracode
added 2020/12/06 3:56 a.m. | 45 views

Escalation Of Privilege

Apache HTTP Server 2.4 is vulnerable to escalation of privilege. The vulnerability exists because of a bug in mod_ssl that uses per-location client certificate verification, which allows a client to bypass configured access control restrictions...

CVSS 7.5 | AI score 2.2 | EPSS 0.10508
Exploits 0 | References 49 | Affected Software 1
Tenable Nessus
added 2020/09/14 12:0 a.m. | 45 views

RHEL 8 : httpd:2.4 (RHSA-2020:3734)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3734 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Push diary crash on...

CVSS 7.5 | AI score 7.9 | EPSS 0.89744
Exploits 0 | References 4
Amazon
added 2020/06/03 12:0 a.m. | 67 views

Low: httpd24

Issue Overview: In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. (CVE-2020-1927) In Apache HTTP Server 2.4.0 to 2.4.41,...

CVSS 6.1 | AI score 7.1 | EPSS 0.56691
Exploits 0
Tenable Nessus
added 2020/04/21 12:0 a.m. | 58 views

Scientific Linux Security Update : httpd on SL7.x x86_64 (20200407)

httpd: mod_session_cookie does not respect expiry time httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values httpd: Out of bounds access after failure in reading the HTTP request (C) Tenable Network Security, Inc. The descriptive text is (C) Scientific Linux...

CVSS 7.5 | AI score 6.3 | EPSS 0.19994
Exploits 0 | References 4
Veracode
added 2020/04/10 12:36 a.m. | 47 views

Man-in-the-Middle (MitM)

httpd is vulnerable to man-in-the-middle (MitM). The vulnerability exists as a flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's...

CVSS 5.8 | AI score 1 | EPSS 0.87264
Exploits 14 | References 331 | Affected Software 13
Veracode
added 2020/04/10 12:33 a.m. | 34 views

Denial Of Service (DoS)

httpd is vulnerable to denial of service (DoS). The vulnerability exists as a flaw was found in the handling of compression structures between mod_ssl and OpenSSL. If too many connections were opened in a short period of time, all system memory and swap space would be consumed by httpd, negatively...

CVSS 5 | AI score 1.8 | EPSS 0.05288
Exploits 2 | References 67 | Affected Software 1
OpenVAS
added 2020/01/23 12:0 a.m. | 42 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-1294)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 8 | EPSS 0.19994
Exploits 0 | References 2
OpenVAS
added 2020/01/23 12:0 a.m. | 46 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-1389)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 9.1 | EPSS 0.94999
Exploits 13 | References 2
OpenVAS
added 2020/01/23 12:0 a.m. | 47 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2017-1177)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 9.1 | EPSS 0.57472
Exploits 4 | References 2
OpenVAS
added 2020/01/23 12:0 a.m. | 36 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-1137)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 8 | EPSS 0.19994
Exploits 0 | References 2
IBM Security Bulletins
added 2019/12/18 2:26 p.m. | 68 views

Security Bulletin: CVE-2017-3167, CVE-2017-3169, CVE-2017-7659, CVE-2017-7668 and CVE-2017-7679 in IBM i HTTP Server

Summary HTTP Server is supported by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-7679 DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by a buffer overread in mod_mime. By sending a specially crafted Content-Ty...

CVSS 9.8 | AI score 1.6 | EPSS 0.57472
Exploits 4 | Affected Software 1