28 matches found
Astra Linux - уязвимость в apache2
When an HTTP/2 stream was reset by a client, there was a time window during which the memory resources associated with the request were not immediately reclaimed. Instead, the de-allocation of those resources was delayed until after the connection was closed. This allowed clients to continue...
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58...
TencentOS Server 4: httpd (TSSA-2024:0664)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0664 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
RHEL 9 : mod_http2 (RHSA-2024:2368)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2368 advisory. The modhttp2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd:...
Apache HTTP Server Input Validation Error Vulnerability (CNVD-2024-36395)
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An input validation error vulnerability exists in Apache HTTP Server version 2.4.58 and earlier versions, which can be exploited t...
Apache HTTP Server 安全漏洞
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An input validation error vulnerability exists in Apache HTTP Server version 2.4.58 and earlier versions, which can be exploited t...
EulerOS Virtualization 2.11.1 : httpd (EulerOS-SA-2024-1400)
According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57...
EulerOS 2.0 SP8 : httpd (EulerOS-SA-2024-1273)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. CVE-2023-31122 - When a...
BIT-APACHE-2023-43622 Apache HTTP Server: DoS in HTTP/2 with initial windows size 0
An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...
EulerOS 2.0 SP9 : httpd (EulerOS-SA-2023-3302)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. CVE-2023-31122 - When a...
EulerOS Virtualization 2.9.0 : httpd (EulerOS-SA-2024-1010)
According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57...
EulerOS 2.0 SP10 : httpd (EulerOS-SA-2024-1061)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. CVE-2023-31122 - When a...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-1061)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OESA-2023-1804 httpd security update
Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. CVE-2023-31122 When a HTTP/2 stream was reset RST frame by a client, there was a...
Fedora 37 : mod_http2 (2023-c0c6a91330)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-c0c6a91330 advisory. - New version 2.0.25 - Security update Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
MGASA-2023-0304 Updated apache packages fix security vulnerabilities
Apache has been updated to version 2.4.58 to fix several security issues. CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST cve.mitre.org When a HTTP/2 stream was reset RST frame by a client, there was a time window were the request's memory resources were n...
Updated apache packages fix security vulnerabilities
Apache has been updated to version 2.4.58 to fix several security issues. CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST cve.mitre.org When a HTTP/2 stream was reset RST frame by a client, there was a time window were the request's memory resources were n...
CVE-2023-43622
An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...
AZL-31610 CVE-2023-43622 affecting package httpd for versions less than 2.4.58-1
An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...
CVE-2023-45802
When a HTTP/2 stream was reset RST frame by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing...