Lucene search
+L

80 matches found

nessus
nessus
added 2019/01/09 12:0 a.m.28 views

Apache 2.4.x < 2.4.28 HTTP Vulnerability (OptionsBleed)

According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.28. It is, therefore, affected by an HTTP vulnerability related to the directive in an .htaccess file. Note that the scanner has not tested for these issues but has instead relied only on the...

7.5CVSS7.9AI score0.94999EPSS
Exploits9References3
ibm
ibm
added 2018/06/18 1:41 a.m.33 views

Security Bulletin: IBM Systems Director (ISD) Storage Control is affected by vulnerabilities in IBM Websphere Application Server (WAS), OpenSSL and IBM Java Runtime

Summary There are vulnerabilities addressed in IBM WAS, IBM Runtime Environment Java™Technology Edition, and OpenSSL that are used by ISD Storage Control. The Java issues were disclosed as part of the IBM Java updates for October 2017. Vulnerability Details CVEID: CVE-2017-10356 DESCRIPTION: An...

9.8CVSS1AI score0.94999EPSS
Exploits15Affected Software1
ibm
ibm
added 2018/06/18 1:38 a.m.52 views

Security Bulletin: A vulnerability in httpd affects PowerKVM

Summary PowerKVM is affected by a vulnerability in the Apache HTTP Server httpd. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2017-9798 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS...

7.5CVSS6.6AI score0.94999EPSS
Exploits9Affected Software1
ibm
ibm
added 2018/06/16 10:5 p.m.54 views

Security Bulletin: IBM Security Access Manager Appliance is affected by a HTTPD vulnerability (CVE-2017-9798)

Summary IBM Security Access Manager Appliance has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2017-9798 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By...

7.5CVSS1.1AI score0.94999EPSS
Exploits9Affected Software1
ibm
ibm
added 2018/06/15 7:8 a.m.79 views

Security Bulletin: Security Vulnerabilities in IBM HTTP Server (CVE-2017-9798, CVE-2017-12618)

Summary There is an information disclosure vulnerability and a denial of service vulnerability that affect the IBM HTTP Server used by WebSphere Application Server. Vulnerability Details CVEID: CVE-2017-9798 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive...

7.5CVSS0.4AI score0.94999EPSS
Exploits12Affected Software1
nessus
nessus
added 2018/04/24 12:0 a.m.61 views

openSUSE Security Update : virtualbox (openSUSE-2018-389) (Optionsbleed)

This update for VirtualBox to version 5.1.36 fixes multiple issues : Security issues fixed : - CVE-2018-0739: Unauthorized remote attacker may have caused a hang or frequently repeatable crash complete DOS - CVE-2018-2830: Attacker with host login may have compromised Virtualbox or further system...

8.8CVSS6.3AI score0.94999EPSS
Exploits14References16
nessus
nessus
added 2018/01/15 12:0 a.m.60 views

Fedora 27 : httpd (2017-fdd3a98e8f) (Optionsbleed)

This is a release fixing a security fix applied upstream, known as 'optionsbleed' in popular parlance. It is relevant for hosted and co-located instances of Fedora and why wouldn't you?. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora upda...

7.5CVSS6.9AI score0.94999EPSS
Exploits9References2
mageia
mageia
added 2018/01/01 10:38 a.m.85 views

Updated apache packages fix security vulnerability

modsessioncrypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation AES256-CBC by default, hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC CVE-2016-0736...

9.8CVSS0.4AI score0.94999EPSS
Exploits17References5
osv
osv
added 2018/01/01 10:38 a.m.22 views

MGASA-2018-0009 Updated apache packages fix security vulnerability

Hanno Böck discovered that the Apache HTTP Server incorrectly handled Limit directives in .htaccess files. In certain configurations, a remote attacker could possibly use this issue to read arbitrary server memory, including sensitive information. This issue is known as Optionsbleed CVE-2017-9798...

7.5CVSS7.7AI score0.94999EPSS
Exploits9References3
mageia
mageia
added 2018/01/01 10:38 a.m.47 views

Updated apache packages fix security vulnerability

Hanno Böck discovered that the Apache HTTP Server incorrectly handled Limit directives in .htaccess files. In certain configurations, a remote attacker could possibly use this issue to read arbitrary server memory, including sensitive information. This issue is known as Optionsbleed CVE-2017-9798...

7.5CVSS1.5AI score0.94999EPSS
Exploits9References2
nessus
nessus
added 2017/12/19 12:0 a.m.282 views

RHEL 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.23 (RHSA-2017:3476)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3476 advisory. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP...

9.8CVSS7.3AI score0.94999EPSS
Exploits12References14
nessus
nessus
added 2017/11/20 12:0 a.m.227 views

RHEL 6 / 7 : Red Hat JBoss Enterprise Application Platform 6.4.18 (RHSA-2017:3240)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3240 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release...

9.1CVSS7.1AI score0.95707EPSS
Exploits16References13
nessus
nessus
added 2017/11/14 12:0 a.m.69 views

RHEL 7 : httpd (RHSA-2017:3193) (Optionsbleed)

An update for httpd is now available for Red Hat Enterprise Linux 7.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

9.8CVSS7.2AI score0.94999EPSS
Exploits13References13
nessus
nessus
added 2017/11/08 12:0 a.m.132 views

RHEL 6 / 7 : Red Hat JBoss Web Server (RHSA-2017:3113)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3113 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. OpenSSL is a toolkit that implement...

9.1CVSS7.5AI score0.99988EPSS
Exploits53References14
nessus
nessus
added 2017/10/31 12:0 a.m.177 views

SUSE SLES11 Security Update : apache2 (SUSE-SU-2017:2907-1) (Optionsbleed)

This update for apache2 fixes the following issues : - Allow disabling SNI on proxy connections using 'SetEnv proxy-disable-sni 1' in the configuration files. bsc1052830 - Allow ECDH again in modssl, it had been incorrectly disabled with the 2.2.34 update. bsc1064561 Following security issue has...

10CVSS7.2AI score0.94999EPSS
Exploits26References26
nessus
nessus
added 2017/10/30 12:0 a.m.60 views

GLSA-201710-32 : Apache: Multiple vulnerabilities (Optionsbleed)

The remote host is affected by the vulnerability described in GLSA-201710-32 Apache: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Apache. Please review the referenced CVE identifiers for details. Impact : The Optionsbleed vulnerability can leak arbitrary memory from t...

9.8CVSS7.3AI score0.94999EPSS
Exploits13References9
gentoo
gentoo
added 2017/10/29 12:0 a.m.91 views

Apache: Multiple vulnerabilities

Background The Apache HTTP server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in Apache. Please review the referenced CVE identifiers for details. Impact The Optionsbleed vulnerability can leak arbitrary memory from the server...

9.8CVSS9.6AI score0.94999EPSS
Exploits13
ubuntu
ubuntu
added 2017/10/24 6:11 p.m.101 views

USN-3425-2: Apache HTTP Server vulnerability

USN-3425-1 fixed a vulnerability in Apache HTTP Server. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Hanno Böck discovered that the Apache HTTP Server incorrectly handled Limit directives in .htaccess files. In certain configurations, a remote...

7.5CVSS7.2AI score0.94999EPSS
Exploits9
nessus
nessus
added 2017/10/20 12:0 a.m.106 views

RHEL 6 : httpd (RHSA-2017:2972)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2972 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: A use-after-free flaw w...

7.5CVSS7AI score0.94999EPSS
Exploits9References7
nessus
nessus
added 2017/10/19 12:0 a.m.47 views

SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:2756-1) (Optionsbleed)

This update for apache2 fixes several issues. These security issues were fixed : - CVE-2017-9798: Prevent use-after-free use of memory that allowed for an information leak via OPTIONS bsc1058058 - CVE-2017-9788: Uninitialized memory reflection in modauthdigest could have lead to leakage of...

9.8CVSS7.3AI score0.94999EPSS
Exploits12References19
Rows per page
Query Builder