Download
| Alert*
|
oval:org.secpod.oval:def:54093
apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server. oval:org.secpod.oval:def:54094 apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server. oval:org.secpod.oval:def:55065 The host is installed with Apache HTTP Server 2.4.17 through 2.4.37 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle the HTTP/2 (mod_http2) connections. Successful exploitation could allow attackers to cause a denial of service f ... oval:org.secpod.oval:def:116142 The mod_h2 Apache httpd module implements the HTTP2 protocol on top of libnghttp2 for httpd 2.4 servers. oval:org.secpod.oval:def:504878 The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. Security Fix: * httpd: mod_session_cookie does not respect expiry time * httpd: mod_auth_di ... oval:org.secpod.oval:def:89050604 This update for apache2 fixes the following issues: Security issues fixed: - CVE-2018-17189: Fixed a denial of service in mod_http2, via slow and unneeded request bodies - CVE-2018-17199: Fixed that mod_session_cookie did not respect expiry time Non-security issue fixed: - sysconfig.d is not creat ... oval:org.secpod.oval:def:2001278 In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. oval:org.secpod.oval:def:89003258 This update for apache2 fixes the following issues: Security issues fixed: - CVE-2018-17189: Fixed a denial of service in mod_http2, via slow and unneeded request bodies - CVE-2018-17199: Fixed that mod_session_cookie did not respect expiry time Non-security issue fixed: - sysconfig.d is not creat ... oval:org.secpod.oval:def:2104597 In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections. oval:org.secpod.oval:def:116130 The mod_h2 Apache httpd module implements the HTTP2 protocol on top of libnghttp2 for httpd 2.4 servers. oval:org.secpod.oval:def:504725 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: mod_http2 . Security Fix: * httpd: memory corruption on early pushes * httpd: read-after-free in h2 connection shutdown * htt ... oval:org.secpod.oval:def:1801348 CVE-2018-17189: DoS for HTTP/2 connections via slow request bodies¶ By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation ... oval:org.secpod.oval:def:1504457 httpd [2.4.37-13.0.1] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracles index page oracle_index.html [2.4.37-30] - Resolves: #1209162 - support logging to journald from CustomLog [2.4.37-29] - Resolves: #1823263 - CVE-2020-1934 httpd: mod_proxy_ftp use of ... oval:org.secpod.oval:def:1600980 A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or l ... oval:org.secpod.oval:def:1900125 In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread clean ing up that in colibming-dev data. This affects only HTTP/2 connections. oval:org.secpod.oval:def:603841 Several vulnerabilities have been found in the Apache HTTP server. CVE-2018-17189 Gal Goldshtein of F5 Networks discovered a denial of service vulnerability in mod_http2. By sending malformed requests, the http/2 stream for that request unnecessarily occupied a server thread cleaning up incoming dat ... oval:org.secpod.oval:def:54395 apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server. oval:org.secpod.oval:def:1801294 CVE-2018-17189: DoS for HTTP/2 connections via slow request bodies¶ By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation ... oval:org.secpod.oval:def:1700159 In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. oval:org.secpod.oval:def:1801296 CVE-2018-17189: DoS for HTTP/2 connections via slow request bodies¶ By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation ... oval:org.secpod.oval:def:1801297 CVE-2018-17189: DoS for HTTP/2 connections via slow request bodies¶ By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation ... oval:org.secpod.oval:def:68002 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: mod_http2 . Security Fix: * httpd: memory corruption on early pushes * httpd: read-after-free in h2 connection shutdown * htt ... oval:org.secpod.oval:def:70629 Several vulnerabilities have been found in the Apache HTTP server. CVE-2018-17189 Gal Goldshtein of F5 Networks discovered a denial of service vulnerability in mod_http2. By sending malformed requests, the http/2 stream for that request unnecessarily occupied a server thread cleaning up incoming dat ... oval:org.secpod.oval:def:2500144 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:1000590 The remote host is missing a patch 152644-07 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:1000452 The remote host is missing a patch 152643-07 containing a security fix. For more information please visit the reference link. |
