Download
| Alert*
oval:org.secpod.oval:def:66576
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: Push diary crash on specifically crafted HTTP/2 header For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related inform ... oval:org.secpod.oval:def:504907 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: Push diary crash on specifically crafted HTTP/2 header For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related inform ... oval:org.secpod.oval:def:73528 The host is installed with Apache HTTP Server 2.4.20 through 2.4.43 and is prone to a denial-of-service vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted value for the Cache-Digest header in a HTTP/2 request. Successful exploitation could allow a ... oval:org.secpod.oval:def:1503039 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:504288 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: Push diary crash on specifically crafted HTTP/2 header For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related inform ... oval:org.secpod.oval:def:89000111 This update for apache2 fixes the following issues: - Enables the patch for CVE-2020-11993 and CVE-2020-9490. The patch was included but not applied in the previous update oval:org.secpod.oval:def:89000274 This update for apache2 fixes the following issues: - CVE-2020-9490: Fixed a crash caused by a specially crafted value for the "Cache-Digest" header in a HTTP/2 request . - CVE-2020-11985: IP address spoofing when proxying using mod_remoteip and mod_rewrite . - CVE-2020-11993: When trace/debug was e ... oval:org.secpod.oval:def:89000277 This update for apache2 fixes the following issues: - CVE-2020-9490: Fixed a crash caused by a specially crafted value for the "Cache-Digest" header in a HTTP/2 request . - CVE-2020-11984: Fixed an information disclosure bug in mod_proxy_uwsgi . - CVE-2020-11993: When trace/debug was enabled for the ... oval:org.secpod.oval:def:89050369 This update for apache2 fixes the following issues: - CVE-2020-9490: Fixed a crash caused by a specially crafted value for the "Cache-Digest" header in a HTTP/2 request . - CVE-2020-11984: Fixed an information disclosure bug in mod_proxy_uwsgi . - CVE-2020-11993: When trace/debug was enabled for the ... oval:org.secpod.oval:def:605004 Several vulnerabilities have been found in the Apache HTTPD server. CVE-2020-1927 Fabrice Perez reported that certain mod_rewrite configurations are prone to an open redirect. CVE-2020-1934 Chamal De Silva discovered that the mod_proxy_ftp module uses uninitialized memory when proxying to a maliciou ... oval:org.secpod.oval:def:67016 apache2: Apache HTTP server Several security issues were fixed in Apache HTTP Server. oval:org.secpod.oval:def:1700401 Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the "Cache-Digest" header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for ... oval:org.secpod.oval:def:1801864 A specially crafted value for the "Cache-Digest" header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Versions Affected: 2.4.20 to 2.4.43mod_proxy_uwsgi info disclosure and possible RCE. Versions Affected: 2.4.32 to 2.4.44When trace/ ... oval:org.secpod.oval:def:66750 Several vulnerabilities have been found in the Apache HTTPD server. CVE-2020-1927 Fabrice Perez reported that certain mod_rewrite configurations are prone to an open redirect. CVE-2020-1934 Chamal De Silva discovered that the mod_proxy_ftp module uses uninitialized memory when proxying to a maliciou ... oval:org.secpod.oval:def:90248 The remote host is missing a patch 152643-10 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:1601193 Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the "Cache-Digest" header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. ... oval:org.secpod.oval:def:118620 The mod_h2 Apache httpd module implements the HTTP2 protocol on top of libnghttp2 for httpd 2.4 servers. oval:org.secpod.oval:def:65175 apache2: Apache HTTP server Several security issues were fixed in Apache HTTP Server. oval:org.secpod.oval:def:1700397 Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE A flaw was found in Apache httpd in versions 2.4.32 to 2.4.46. The uwsgi protocol does not serialize more than 16K of HTTP header leading to resource exhaustion and denial of service. The highest threat from this vu ... oval:org.secpod.oval:def:118615 The mod_h2 Apache httpd module implements the HTTP2 protocol on top of libnghttp2 for httpd 2.4 servers. oval:org.secpod.oval:def:90250 The remote host is missing a patch 152644-10 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:705580 apache2: Apache HTTP server Several security issues were fixed in Apache HTTP Server. oval:org.secpod.oval:def:67027 apache2: Apache HTTP server Several security issues were fixed in Apache HTTP Server. |