Download
| Alert*
oval:org.secpod.oval:def:42624
The host is installed with Apple Mac OS 10.8 before 10.13 and is prone to a NULL pointer dereference vulnerability. A flaw is present in the application, which fails to properly process an HTTPS request. Successful exploitation allows remote attackers to crash the service. oval:org.secpod.oval:def:54103 The host is installed with Apache HTTP Server 2.4.25 and is prone to a NULL pointer dereference vulnerability. A flaw is present in the application, which fails to properly handle a maliciously constructed HTTP/2 request. Successful exploitation could allow attackers to dereference a NULL pointer an ... oval:org.secpod.oval:def:89043980 This update for apache2 fixes several issues. These security issues were fixed: - CVE-2017-9789: When under stress the HTTP/2 handling code would sometimes access memory after it has been freed, resulting in potentially erratic behaviour . - CVE-2017-7659: A maliciously constructed HTTP/2 request c ... oval:org.secpod.oval:def:1000692 The remote host is missing a patch 152644-05 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:112588 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:112611 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:602960 Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-3167 Emmanuel Dreyfus reported that the use of ap_get_basic_auth_pw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. CVE-2017-3169 Vasileios Panopoulos of Ad ... oval:org.secpod.oval:def:42910 The host is missing a security update according to Apple advisory, APPLE-SA-2017-10-31-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary ... oval:org.secpod.oval:def:53085 Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-3167 Emmanuel Dreyfus reported that the use of ap_get_basic_auth_pw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. CVE-2017-3169 Vasileios Panopoulos of Ad ... oval:org.secpod.oval:def:1600742 ap_find_token buffer overread:A buffer over-read flaw was found in the httpds ap_find_token function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. Apache HTTP Request Parsing Whitespace Defects:It was discovered that the HTTP parse ... oval:org.secpod.oval:def:2101165 A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process. oval:org.secpod.oval:def:54501 The host is installed with Apple Mac OS 10.8 through 10.13 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle the authentication API. Successful exploitation allows remote attackers to bypass required authentication if the API was used ... oval:org.secpod.oval:def:504972 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that the httpd"s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote ... oval:org.secpod.oval:def:1800683 CVE-2017-3167: In Apache 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. oval:org.secpod.oval:def:1800497 CVE-2017-3167: In Apache 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. oval:org.secpod.oval:def:1800761 CVE-2017-3167: In Apache 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. oval:org.secpod.oval:def:1800597 CVE-2017-3167: In Apache 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. oval:org.secpod.oval:def:1000635 The remote host is missing a patch 152643-05 containing a security fix. For more information please visit the reference link. |