Lucene search
K

123 matches found

OpenVAS
OpenVAS
added 2019/09/19 12:0 a.m.65 views

CentOS Update for httpd CESA-2019:2343 centos7

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.2AI score0.1786EPSS
Exploits0References2
Cent OS
Cent OS
added 2019/09/18 8:21 p.m.240 views

httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update

CentOS Errata and Security Advisory CESA-2019:2343 An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

7.5CVSS6.8AI score0.1786EPSS
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added 2019/09/05 4:18 a.m.67 views

Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server vulnerabilities

Summary IBM Security SiteProtector System has addressed the following vulnerabilities in Apache HTTP Server. Vulnerability Details CVEID: CVE-2018-17199 DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by checking the session expiry time before...

7.5CVSS0.9AI score0.19994EPSS
Exploits0Affected Software1
Veracode
Veracode
added 2019/08/08 12:7 a.m.48 views

Authorization Bypass

httpd is vulnerable to authorization bypass. The vulnerability exists through URL normalization inconsistency...

5.3CVSS1.6AI score0.1786EPSS
Exploits0References59Affected Software19
IBM Security Bulletins
IBM Security Bulletins
added 2019/06/04 2:35 p.m.32 views

Security Bulletin: Multiple vulnerabilities in the IBM HTTP Server used in IBM WebSphere Application Server in IBM Cloud (CVE-2019-0211 CVE-2019-0220)

Summary There are multiple vulnerabilities in the IBM HTTP Server used by WebSphere Application Server. Apache HTTP Server could provide weaker than expected security, caused by URL normalization inconsistencies. Apache HTTP Server could allow a local authenticated attacker to gain elevated...

7.8CVSS1.1AI score0.65005EPSS
Exploits8Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/05/07 12:0 a.m.38 views

RHEL 8 : python27:2.7 (RHSA-2019:0981)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0981 advisory. Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic...

9.8CVSS7.9AI score0.08811EPSS
Exploits3References9
Tenable Nessus
Tenable Nessus
added 2019/04/24 12:0 a.m.65 views

openSUSE Security Update : apache2 (openSUSE-2019-1258)

This update for apache2 fixes the following issues : - CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these...

7.8CVSS7.3AI score0.65005EPSS
Exploits8References10
Tenable Nessus
Tenable Nessus
added 2019/04/18 12:0 a.m.62 views

Amazon Linux 2 : httpd (ALAS-2019-1189)

In Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads including scripts executed by an in-process scripting interpreter could execute arbitrary code with the privileges of the parent process usually root by manipulating the scoreboar...

7.8CVSS6.9AI score0.65005EPSS
Exploits8References7
OSV
OSV
added 2019/04/12 6:23 a.m.21 views

SUSE-SU-2019:0888-2 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2018-17199: A bug in Apache's 'modsessioncookie' lead to an issue where the module did not respect a cookie's expiry time. bsc1122839 CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout...

7.5CVSS6.6AI score0.19994EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2019/04/12 12:0 a.m.254 views

openSUSE Security Update : apache2 (openSUSE-2019-1190)

This update for apache2 fixes the following issues : - CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these...

7.8CVSS7.3AI score0.65005EPSS
Exploits8References10
OPENSUSE Linux
OPENSUSE Linux
added 2019/04/11 12:0 a.m.142 views

Security update for apache2 (important)

openSUSE Security Update: Security update for apache2 Announcement ID: openSUSE-SU-2019:1190-1 Rating: important References: 1131233 1131237 1131239 1131241 1131245 Cross-References: CVE-2019-0196 CVE-2019-0197 CVE-2019-0211 CVE-2019-0217 CVE-2019-0220 Affected Products: openSUSE Leap 42.3 An...

7.8CVSS8.7AI score0.65005EPSS
Exploits8References5
Tenable Nessus
Tenable Nessus
added 2019/04/08 12:0 a.m.66 views

SUSE SLES12 Security Update : apache2 (SUSE-SU-2019:0888-1)

This update for apache2 fixes the following issues : CVE-2018-17199: A bug in Apache's 'modsessioncookie' lead to an issue where the module did not respect a cookie's expiry time. bsc1122839 CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout a...

7.5CVSS7AI score0.19994EPSS
Exploits0References10
OpenVAS
OpenVAS
added 2019/04/08 12:0 a.m.111 views

Apache HTTP Server < 2.4.39 URL Normalization Vulnerability - Windows

When the path component of a request URL contains multiple consecutive slashes SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.3CVSS6.9AI score0.1786EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2019/04/08 12:0 a.m.172 views

Apache HTTP Server < 2.4.39 URL Normalization Vulnerability - Linux

When the path component of a request URL contains multiple consecutive slashes SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.3CVSS6.9AI score0.1786EPSS
Exploits0References1
OSV
OSV
added 2019/04/05 6:57 a.m.20 views

SUSE-SU-2019:0888-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2018-17199: A bug in Apache's 'modsessioncookie' lead to an issue where the module did not respect a cookie's expiry time. bsc1122839 CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout...

7.5CVSS6.6AI score0.19994EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2019/04/05 12:0 a.m.53 views

SUSE SLES12 Security Update : apache2 (SUSE-SU-2019:0878-1)

This update for apache2 fixes the following issues : CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencie...

7.8CVSS7.4AI score0.65005EPSS
Exploits8References16
OSV
OSV
added 2019/04/04 2:59 p.m.23 views

SUSE-SU-2019:0878-1 Security update for apache2

This update for apache2 fixes the following issues: CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies...

7.8CVSS7.4AI score0.65005EPSS
Exploits8References11
Amazon
Amazon
added 2019/04/04 12:0 a.m.120 views

Important: httpd

Issue Overview: In Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads including scripts executed by an in-process scripting interpreter could execute arbitrary code with the privileges of the parent process usually root by manipulati...

7.8CVSS7.8AI score0.65005EPSS
Exploits8
Tenable Nessus
Tenable Nessus
added 2019/04/04 12:0 a.m.57 views

Debian DLA-1748-1 : apache2 security update

Several vulnerabilities have been found in the Apache HTTP server. CVE-2019-0217 A race condition in modauthdigest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. The issue was...

7.5CVSS7.1AI score0.1786EPSS
Exploits0References4
ALT Linux
ALT Linux
added 2019/04/03 12:0 a.m.56 views

Security fix for the ALT Linux 8 package apache2 version 1:2.4.39-alt1

1:2.4.39-alt1 built April 3, 2019 Anton Farygin in task 226418 April 2, 2019 Anton Farygin - 2.4.39 - fixes: Apache HTTP Server privilege escalation from modules scripts. CVE-2019-0211 modauthdigest access control bypass. CVE-2019-0217 modssl access control bypass. CVE-2019-0215 Apache httpd URL...

7.2CVSS7.4AI score0.65005EPSS
Exploits8
Rows per page
Query Builder