80 matches found
Apache 2.4.x < 2.4.28 HTTP Vulnerability (OptionsBleed)
According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.28. It is, therefore, affected by an HTTP vulnerability related to the directive in an .htaccess file. Note that the scanner has not tested for these issues but has instead relied only on the...
Security Bulletin: IBM Systems Director (ISD) Storage Control is affected by vulnerabilities in IBM Websphere Application Server (WAS), OpenSSL and IBM Java Runtime
Summary There are vulnerabilities addressed in IBM WAS, IBM Runtime Environment Java™Technology Edition, and OpenSSL that are used by ISD Storage Control. The Java issues were disclosed as part of the IBM Java updates for October 2017. Vulnerability Details CVEID: CVE-2017-10356 DESCRIPTION: An...
Security Bulletin: A vulnerability in httpd affects PowerKVM
Summary PowerKVM is affected by a vulnerability in the Apache HTTP Server httpd. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2017-9798 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS...
Security Bulletin: IBM Security Access Manager Appliance is affected by a HTTPD vulnerability (CVE-2017-9798)
Summary IBM Security Access Manager Appliance has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2017-9798 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By...
Security Bulletin: Security Vulnerabilities in IBM HTTP Server (CVE-2017-9798, CVE-2017-12618)
Summary There is an information disclosure vulnerability and a denial of service vulnerability that affect the IBM HTTP Server used by WebSphere Application Server. Vulnerability Details CVEID: CVE-2017-9798 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive...
openSUSE Security Update : virtualbox (openSUSE-2018-389) (Optionsbleed)
This update for VirtualBox to version 5.1.36 fixes multiple issues : Security issues fixed : - CVE-2018-0739: Unauthorized remote attacker may have caused a hang or frequently repeatable crash complete DOS - CVE-2018-2830: Attacker with host login may have compromised Virtualbox or further system...
Fedora 27 : httpd (2017-fdd3a98e8f) (Optionsbleed)
This is a release fixing a security fix applied upstream, known as 'optionsbleed' in popular parlance. It is relevant for hosted and co-located instances of Fedora and why wouldn't you?. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora upda...
Updated apache packages fix security vulnerability
modsessioncrypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation AES256-CBC by default, hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC CVE-2016-0736...
MGASA-2018-0009 Updated apache packages fix security vulnerability
Hanno Böck discovered that the Apache HTTP Server incorrectly handled Limit directives in .htaccess files. In certain configurations, a remote attacker could possibly use this issue to read arbitrary server memory, including sensitive information. This issue is known as Optionsbleed CVE-2017-9798...
Updated apache packages fix security vulnerability
Hanno Böck discovered that the Apache HTTP Server incorrectly handled Limit directives in .htaccess files. In certain configurations, a remote attacker could possibly use this issue to read arbitrary server memory, including sensitive information. This issue is known as Optionsbleed CVE-2017-9798...
RHEL 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.23 (RHSA-2017:3476)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3476 advisory. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP...
RHEL 6 / 7 : Red Hat JBoss Enterprise Application Platform 6.4.18 (RHSA-2017:3240)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3240 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release...
RHEL 7 : httpd (RHSA-2017:3193) (Optionsbleed)
An update for httpd is now available for Red Hat Enterprise Linux 7.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
RHEL 6 / 7 : Red Hat JBoss Web Server (RHSA-2017:3113)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3113 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. OpenSSL is a toolkit that implement...
SUSE SLES11 Security Update : apache2 (SUSE-SU-2017:2907-1) (Optionsbleed)
This update for apache2 fixes the following issues : - Allow disabling SNI on proxy connections using 'SetEnv proxy-disable-sni 1' in the configuration files. bsc1052830 - Allow ECDH again in modssl, it had been incorrectly disabled with the 2.2.34 update. bsc1064561 Following security issue has...
GLSA-201710-32 : Apache: Multiple vulnerabilities (Optionsbleed)
The remote host is affected by the vulnerability described in GLSA-201710-32 Apache: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Apache. Please review the referenced CVE identifiers for details. Impact : The Optionsbleed vulnerability can leak arbitrary memory from t...
Apache: Multiple vulnerabilities
Background The Apache HTTP server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in Apache. Please review the referenced CVE identifiers for details. Impact The Optionsbleed vulnerability can leak arbitrary memory from the server...
USN-3425-2: Apache HTTP Server vulnerability
USN-3425-1 fixed a vulnerability in Apache HTTP Server. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Hanno Böck discovered that the Apache HTTP Server incorrectly handled Limit directives in .htaccess files. In certain configurations, a remote...
RHEL 6 : httpd (RHSA-2017:2972)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2972 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: A use-after-free flaw w...
SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:2756-1) (Optionsbleed)
This update for apache2 fixes several issues. These security issues were fixed : - CVE-2017-9798: Prevent use-after-free use of memory that allowed for an information leak via OPTIONS bsc1058058 - CVE-2017-9788: Uninitialized memory reflection in modauthdigest could have lead to leakage of...