Download
| Alert*
oval:org.secpod.oval:def:112588
The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:42625 The host is installed with Apple Mac OS 10.8 before 10.13 and is prone to a buffer over-read vulnerability. A flaw is present in the application, which fails to properly process a specially crafted HTTP request. Successful exploitation allows remote attackers to crash the service. oval:org.secpod.oval:def:53085 Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-3167 Emmanuel Dreyfus reported that the use of ap_get_basic_auth_pw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. CVE-2017-3169 Vasileios Panopoulos of Ad ... oval:org.secpod.oval:def:89044925 This update for apache2 fixes the following issues: - Allow disabling SNI on proxy connections using SetEnv proxy-disable-sni 1 in the configuration files. - Allow ECDH again in mod_ssl, it had been incorrectly disabled with the 2.2.34 update. Following security issue has been fixed: - CVE-2017-97 ... oval:org.secpod.oval:def:703676 apache2: Apache HTTP server Several security issues were fixed in Apache HTTP Server. oval:org.secpod.oval:def:1000635 The remote host is missing a patch 152643-05 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:112611 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:602960 Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-3167 Emmanuel Dreyfus reported that the use of ap_get_basic_auth_pw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. CVE-2017-3169 Vasileios Panopoulos of Ad ... oval:org.secpod.oval:def:42910 The host is missing a security update according to Apple advisory, APPLE-SA-2017-10-31-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary ... oval:org.secpod.oval:def:2101165 A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process. oval:org.secpod.oval:def:1800497 CVE-2017-3167: In Apache 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. oval:org.secpod.oval:def:204608 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that the httpd"s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote ... oval:org.secpod.oval:def:41598 The host is installed with Apache HTTP Server 2.2.32 and 2.4.24 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle ap_find_token(). Successful exploitation could allow remote attackers to cause a segmentation fault, or to force ap_find_token() t ... oval:org.secpod.oval:def:1600742 ap_find_token buffer overread:A buffer over-read flaw was found in the httpds ap_find_token function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. Apache HTTP Request Parsing Whitespace Defects:It was discovered that the HTTP parse ... oval:org.secpod.oval:def:54501 The host is installed with Apple Mac OS 10.8 through 10.13 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle the authentication API. Successful exploitation allows remote attackers to bypass required authentication if the API was used ... oval:org.secpod.oval:def:504972 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that the httpd"s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote ... oval:org.secpod.oval:def:1800683 CVE-2017-3167: In Apache 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. oval:org.secpod.oval:def:1800761 CVE-2017-3167: In Apache 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. oval:org.secpod.oval:def:51833 apache2: Apache HTTP server Several security issues were fixed in Apache HTTP Server. oval:org.secpod.oval:def:1000692 The remote host is missing a patch 152644-05 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:2101141 In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. oval:org.secpod.oval:def:502127 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that the httpd"s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote ... oval:org.secpod.oval:def:1800597 CVE-2017-3167: In Apache 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. oval:org.secpod.oval:def:1501963 The advisory is missing the security advisory description. For more information please visit the reference link |