Download
| Alert*
|
oval:org.secpod.oval:def:2101150
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type "Digest" was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no "=" assignment could reflect the stale v ... oval:org.secpod.oval:def:42627 The host is installed with Apple Mac OS 10.8 before 10.13 and is prone to an uninitialized memory corruption vulnerability. A flaw is present in the application, which fails to properly handle specially crafted requests to a server. Successful exploitation allows remote attackers to disclose potenti ... oval:org.secpod.oval:def:89044652 This update provides apache2 2.2.34, which brings many fixes and enhancements: Security issues fixed: - CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest. Bug fixes: - Remove /usr/bin/http2 link only during package uninstall, not upgrade. - Don"t put the backend in error state whe ... oval:org.secpod.oval:def:41600 The host is installed with Apache HTTP Server 2.2.x before 2.2.34 and 2.4.x before 2.4.27 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle mod_mime. Successful exploitation could allow remote attackers to leak confidential informati ... oval:org.secpod.oval:def:89044988 This update for apache2 fixes the following issues: Security issue fixed: - CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest. Bug fixes: - Include individual sysconfig.d files instead of the whole sysconfig.d directory. - Include sysconfig.d/include.conf after httpd.conf is process ... oval:org.secpod.oval:def:51856 apache2: Apache HTTP server Apache HTTP Server could be made to crash or leak sensitive information if it received specially crafted network traffic. oval:org.secpod.oval:def:53099 Robert Swiecki reported that mod_auth_digest does not properly initialize or reset the value placeholder in [Proxy-]Authorization headers of type "Digest" between successive key=value assignments, leading to information disclosure or denial of service. oval:org.secpod.oval:def:603013 Robert Swiecki reported that mod_auth_digest does not properly initialize or reset the value placeholder in [Proxy-]Authorization headers of type "Digest" between successive key=value assignments, leading to information disclosure or denial of service. oval:org.secpod.oval:def:703729 apache2: Apache HTTP server Apache HTTP Server could be made to crash or leak sensitive information if it received specially crafted network traffic. oval:org.secpod.oval:def:1000635 The remote host is missing a patch 152643-05 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:42910 The host is missing a security update according to Apple advisory, APPLE-SA-2017-10-31-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary ... oval:org.secpod.oval:def:204608 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that the httpd"s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote ... oval:org.secpod.oval:def:54501 The host is installed with Apple Mac OS 10.8 through 10.13 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle the authentication API. Successful exploitation allows remote attackers to bypass required authentication if the API was used ... oval:org.secpod.oval:def:504972 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that the httpd"s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote ... oval:org.secpod.oval:def:1600771 A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. It was discovered that the use of http ... oval:org.secpod.oval:def:1000692 The remote host is missing a patch 152644-05 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:502126 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that the httpd"s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote ... oval:org.secpod.oval:def:502127 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that the httpd"s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote ... oval:org.secpod.oval:def:204546 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that the httpd"s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote ... oval:org.secpod.oval:def:1501962 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501963 The advisory is missing the security advisory description. For more information please visit the reference link |
