Download
| Alert*
oval:org.secpod.oval:def:43013
The host is installed with Apple Mac OS X 10.12.6, 10.11.6 or Server 10.12.3 and is prone to a http request redirection vulnerability. A flaw is present in the application, which fails to properly handle a malicious HTTP request. Successful exploitation could allow attackers to execute arbitrary cod ... oval:org.secpod.oval:def:39594 The host is installed with Apple Mac OS X or Server 10.12.3 and is prone to a padding oracle attack vulnerability. A flaw is present in the application, which fails to properly handle mod_session_crypto module. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:2100460 The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request. oval:org.secpod.oval:def:89044749 This update for apache2 fixes the following security issues: Security issues fixed: - CVE-2016-0736: Protect mod_session_crypto data with a MAC to prevent padding oracle attacks . - CVE-2016-2161: Malicious input to mod_auth_digest could have caused the server to crash, resulting in DoS . - CVE-2016 ... oval:org.secpod.oval:def:204470 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user"s browser. A remote attac ... oval:org.secpod.oval:def:504960 The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. The httpd24 Software Collection has been upgraded to version 2.4.25, which provides a number ... oval:org.secpod.oval:def:41595 The host is installed with Apache HTTP Server 2.4.x through 2.4.23 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle mod_session_crypto. Successful exploitation could allow remote attackers to padding oracle attacks, particularly with CBC. oval:org.secpod.oval:def:1000780 The remote host is missing a patch 152644-03 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:111790 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:111793 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:1800760 CVE-2016-0736: Padding Oracle in Apache mod_session_crypto. Affects: 2.4.1 to 2.4.23 Fixed in: 2.4.25 oval:org.secpod.oval:def:1000747 The remote host is missing a patch 152643-03 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:502013 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user"s browser. A remote attac ... oval:org.secpod.oval:def:1800360 CVE-2016-0736: Padding Oracle in Apache mod_session_crypto Affects: 2.4.1 to 2.4.23 Fixed in: 2.4.25 oval:org.secpod.oval:def:1501837 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1600495 The following security-related issues were fixed:Padding oracle vulnerability in Apache mod_session_crypto DoS vulnerability in mod_auth_digest Apache HTTP request parsing whitespace defects oval:org.secpod.oval:def:51785 apache2: Apache HTTP server Several security issues were fixed in Apache HTTP Server. oval:org.secpod.oval:def:602781 Several vulnerabilities were discovered in the Apache2 HTTP server. CVE-2016-0736 RedTeam Pentesting GmbH discovered that mod_session_crypto was vulnerable to padding oracle attacks, which could allow an attacker to guess the session cookie. CVE-2016-2161 Maksim Malyutin discovered that malicious in ... oval:org.secpod.oval:def:703588 apache2: Apache HTTP server Several security issues were fixed in Apache HTTP Server. oval:org.secpod.oval:def:39718 The host is missing a security update according to Apple advisory, APPLE-SA-2017-03-27-3. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary ... |