nginx security update

2:1.26.3-2.0.1 - Reference oracle-indexhtml within Requires Orabug: 33802044 2:1.26.3-2 - CVE-2026-1642 nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections...

httpd security update

2.4.6-99.0.9.1 - Fix CVE-2025-58098 Orabug: 38816066 2.4.6-99.0.7.1 - Fixed security update CVE-2024-47252 CVE-2025-49812 Orabug: 38378160 2.4.6-99.0.5.1 - Differentiate trusted sources Orabug: 37100272CVE-2024-38476 2.4.6-99.0.3.1 - Opt-ins for unsafe prefixstat and %3f Orabug:...

httpd security update

2.4.62-7.0.1.3 - Replace index.html with Oracle's index page oracleindex.html. 2.4.62-7.3 - Resolves: RHEL-135063 - httpd: Apache HTTP Server: moduserdir+suexec bypass via AllowOverride FileInfo CVE-2025-66200 - Resolves: RHEL-135048 - httpd: Apache HTTP Server: CGI environment variable override...

Oracle Linux 10 : httpd (ELSA-2025-15095)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-15095 advisory. 2.4.63-1.0.1.2 - Replace index.html with Oracle's index page oracleindex.html. Tenable has extracted the preceding description block directly from th...

httpd security update

2.4.62-4.0.1.4 - Replace index.html with Oracle's index page oracleindex.html. 2.4.62-4.4 - Resolves: RHEL-99949 - CVE-2025-49812 httpd: HTTP Session Hijack via a TLS upgrade 2.4.62-4.1 - Resolves: RHEL-99972 - CVE-2024-47252 httpd: insufficient escaping of user-supplied data in modssl - Resolves...

httpd security update

2.4.57-11.0.1 - Replace index.html with Oracle's index page oracleindex.html. 2.4.57-11 - Resolves: RHEL-45792 - httpd: Encoding problem in modproxy CVE-2024-38473 2.4.57-9 - Resolves: RHEL-45766 - httpd: null pointer dereference in modproxy CVE-2024-38477 - Resolves: RHEL-45749 - httpd: Potentia...

httpd:2.4/httpd security update

httpd 2.4.37-65.0.1 - Replace index.html with Oracle's index page oracleindex.html 2.4.37-65 - Resolves: RHEL-31857 - httpd:2.4/httpd: HTTP response splitting CVE-2023-38709 modhttp2 modmd...

httpd security and bug fix update

2.4.53-7.0.1 - Replace index.html with Oracle's index page oracleindex.html. 2.4.53-7.1 - Resolves: 2165975 - prevent sscg creating /dhparams.pem - Resolves: 2165970 - CVE-2006-20001 httpd: moddav: out-of-bounds read/write of zero byte - Resolves: 2165973 - CVE-2022-37436 httpd: modproxy: HTTP...

httpd:2.4 security update

httpd 2.4.37-43.0.2.2 - Set vstring per ORACLESUPPORTPRODUCT Orabug: 29892262 - Replace index.html with Oracle's index page oracleindex.html 2.4.37-43.2 - Resolves: 2059256 - CVE-2021-34798 httpd:2.4/httpd: NULL pointer dereference via malformed requests - Resolves: 2059257 - CVE-2021-39275...

httpd security update

2.4.6-97.0.5.4 - modsession: save one aprstrtok Orabug: 33338149CVE-2021-26690 - replace index.html with Oracle's index page oracleindex.html 2.4.6-97.4 - Resolves: 2031072 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests - Resolves: 2031074 - CVE-2021-39275 httpd:...

Oracle Linux 5 / 6 : httpd (ELSA-2016-1421)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2016-1421 advisory. 2.2.3-92.0.1 - Add the ability to read DH parameters from the first SSLCertificateFile John Haxby orabug 21671194 - fix modssl always performing full...

httpd security update

2.2.15-47.0.1 - replace index.html with Oracle's index page oracleindex.html - update vstring in specfile 2.2.15-47 - fix regressions caused by fix for CVE-2015-3183 2.2.15-46 - core: fix chunk header parsing defect CVE-2015-3183...

httpd security update

2.2.15-31.0.1.el65 - replace index.html with Oracle's index page oracleindex.html - update vstring in specfile 2.2.15-31 - modcgid: add security fix for CVE-2014-0231 - moddeflate: add security fix for CVE-2014-0118 - modstatus: add security fix for CVE-2014-0226...

httpd security update

2.2.15-29.0.1.el64 - replace index.html with Oracle's index page oracleindex.html update vstring in specfile 2.2.15-29 - moddav: add security fix for CVE-2013-1896 991368...

Oracle Linux 5 : httpd (ELSA-2008-0967)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2008-0967 advisory. 2.2.3-11.0.1.el52.4 - use oracle index page oracleindex.html - update vstring and distro in specfile 2.2.3-11.el52.4 - add security fixes for...

httpd security, bug fix, and enhancement update

2.2.15-26.0.1.el6 - replace index.html with Oracle's index page oracleindex.html update vstring in specfile 2.2.15-26 - htcacheclean: exit with code 4 also for 'restart' action 805810 2.2.15-25 - htcacheclean: exit with code 4 if nonprivileged user runs initscript 805810 - rotatelogs: omit the...

httpd security, bug fix, and enhancement update

2.0.52-41.ent.7.0.1 - Use oracle index page oracleindex.html - Update vstring and distro in specfile 2.0.52-41.ent.7 - add security fix for CVE-2010-0434 572955 - moddav: don't delete the existing resource if a PUT fails 572932 - modssl: add SSLInsecureRenegotiation directive 575805 - Require and...

httpd security update

2.0.52-41.ent.6.0.1 - use oracle index page oracleindex.html - update vstring and distro in specfile 2.0.52-41.ent.6 - add security fixes for CVE-2009-3555, CVE-2009-1891, CVE-2009-3094, and CVE-2009-3095 534039...

httpd security and bug fix update

2.0.46-75.0.1.ent - use oracle index page oracleindex.html - remove logos in poweredby.gif and poweredbyrh.png - add apr-configure.patch 2.0.46-75.ent - add security fix for CVE-2009-1891 515705 - include fix for upstream PR 39605 2.0.46-74.ent - add security fixes for CVE-2009-2412 515705 - add...

Moderate: httpd security update

2.0.46-70.ent.0.1 - use oracle index page oracleindex.html and logo removal - add apr-configure.patch 2.0.46-70.ent - add security fix for CVE-2007-6388 427235 - add security fix for modproxyftp UTF-7 XSS 427742 2.0.46-69.ent - add security fix for CVE-2007-3847 250759 - add security fixes for...