Download
| Alert*
oval:org.secpod.oval:def:120879
The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:204199 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after heade ... oval:org.secpod.oval:def:203118 httpd is installed oval:org.secpod.oval:def:1500930 The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header. oval:org.secpod.oval:def:204470 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user"s browser. A remote attac ... oval:org.secpod.oval:def:66576 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: Push diary crash on specifically crafted HTTP/2 header For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related inform ... oval:org.secpod.oval:def:1600801 Hash character matches all IPs:A regression was found in httpd, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource oval:org.secpod.oval:def:204206 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after heade ... oval:org.secpod.oval:def:204540 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If ... oval:org.secpod.oval:def:202238 The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 re ... oval:org.secpod.oval:def:1601337 It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially-crafted URI. The h ... oval:org.secpod.oval:def:1601241 It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect t ... oval:org.secpod.oval:def:201680 The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, ... oval:org.secpod.oval:def:201687 The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, ... oval:org.secpod.oval:def:1601230 The Apache HTTP Server is a popular web server.A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All httpd user ... oval:org.secpod.oval:def:201849 The Apache HTTP Server is a popular web server. A flaw was discovered in the way the mod_proxy module of the Apache HTTP Server handled the timeouts of requests forwarded by a reverse proxy to the back-end server. If the proxy was configured to reuse existing back-end connections, it could return a ... oval:org.secpod.oval:def:201893 The Apache HTTP Server is a popular web server. A flaw was discovered in the way the mod_proxy module of the Apache HTTP Server handled the timeouts of requests forwarded by a reverse proxy to the back-end server. If the proxy was configured to reuse existing back-end connections, it could return a ... oval:org.secpod.oval:def:118648 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:111790 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:111793 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:111705 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:111701 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:110867 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:110847 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:1600021 The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such." oval:org.secpod.oval:def:4501253 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: Regression of CVE-2021-40438 and CVE-2021-26691 fixes in Rocky Linux 8.5 For more details about the security issue, including the impact, a CVSS score, acknowledgments, and ot ... oval:org.secpod.oval:def:2500313 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:1505327 httpd [2.4.37-43.0.1] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracle"s index page oracle_index.html. [2.4.37-43] - Related: #2007235 - CVE-2021-40438 httpd:2.4/httpd: mod_proxy: SSRF via a crafted request uri-path [2.4.37-42] - Resolves: #2007235 - CVE-2 ... oval:org.secpod.oval:def:1503039 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1700073 By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 oval:org.secpod.oval:def:114840 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:114855 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:500067 The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All httpd us ... oval:org.secpod.oval:def:1503195 Updated httpd packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is a ... oval:org.secpod.oval:def:500263 The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All httpd us ... oval:org.secpod.oval:def:500443 The Apache HTTP Server is a popular web server. A flaw was discovered in the way the mod_proxy module of the Apache HTTP Server handled the timeouts of requests forwarded by a reverse proxy to the back-end server. If the proxy was configured to reuse existing back-end connections, it could return a ... oval:org.secpod.oval:def:1600283 Cross-site scripting flaws were found in the mod_proxy_balancer module"s manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user"s ... oval:org.secpod.oval:def:501081 The Apache HTTP Server is a popular web server. A flaw was found in the way the mod_dav module of the Apache HTTP Server handled merge requests. An attacker could use this flaw to send a crafted merge request that contains URIs that are not configured for DAV, causing the httpd child process to cras ... oval:org.secpod.oval:def:1500205 Updated httpd packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availa ... oval:org.secpod.oval:def:500208 The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, ... oval:org.secpod.oval:def:1500110 Updated httpd packages that fix two security issues, several bugs, and addvarious enhancements are now available for Red Hat Enterprise Linux 6.The Red Hat Security Response Team has rated this update as having lowsecurity impact. Common Vulnerability Scoring System base scores,which give detailed ... oval:org.secpod.oval:def:1500234 Updated httpd packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availa ... oval:org.secpod.oval:def:500992 The httpd packages contain the Apache HTTP Server , which is the namesake project of The Apache Software Foundation. An input sanitization flaw was found in the mod_negotiation Apache HTTP Server module. A remote attacker able to upload or create files with arbitrary names in a directory that has th ... oval:org.secpod.oval:def:501054 The Apache HTTP Server is a popular web server. Cross-site scripting flaws were found in the mod_proxy_balancer module"s manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitrary w ... oval:org.secpod.oval:def:202904 The Apache HTTP Server is a popular web server. A flaw was found in the way the mod_dav module of the Apache HTTP Server handled merge requests. An attacker could use this flaw to send a crafted merge request that contains URIs that are not configured for DAV, causing the httpd child process to cras ... oval:org.secpod.oval:def:105756 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:202579 The httpd packages contain the Apache HTTP Server , which is the namesake project of The Apache Software Foundation. An input sanitization flaw was found in the mod_negotiation Apache HTTP Server module. A remote attacker able to upload or create files with arbitrary names in a directory that has th ... oval:org.secpod.oval:def:1500169 Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are av ... oval:org.secpod.oval:def:1500170 Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are av ... oval:org.secpod.oval:def:202920 The Apache HTTP Server is a popular web server. A flaw was found in the way the mod_dav module of the Apache HTTP Server handled merge requests. An attacker could use this flaw to send a crafted merge request that contains URIs that are not configured for DAV, causing the httpd child process to cras ... oval:org.secpod.oval:def:1503349 Updated httpd packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ... oval:org.secpod.oval:def:1600247 Multiple cross-site scripting vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via ... oval:org.secpod.oval:def:202510 The httpd packages contain the Apache HTTP Server , which is the namesake project of The Apache Software Foundation. Input sanitization flaws were found in the mod_negotiation module. A remote attacker able to upload or create files with arbitrary names in a directory that has the MultiViews options ... oval:org.secpod.oval:def:202878 The Apache HTTP Server is a popular web server. Cross-site scripting flaws were found in the mod_proxy_balancer module"s manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitrary w ... oval:org.secpod.oval:def:202877 The Apache HTTP Server is a popular web server. Cross-site scripting flaws were found in the mod_proxy_balancer module"s manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitrary w ... oval:org.secpod.oval:def:1500021 Updated httpd packages that fix multiple security issues, various bugs,and add enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having lowsecurity impact. Common Vulnerability Scoring System base scores,which give detailed se ... oval:org.secpod.oval:def:500949 The httpd packages contain the Apache HTTP Server (httpd), which is the namesake project of The Apache Software Foundation. Input sanitization flaws were found in the mod_negotiation module. A remote attacker able to upload or create files with arbitrary names in a directory that has the MultiViews ... oval:org.secpod.oval:def:1500438 Updated httpd packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for ... oval:org.secpod.oval:def:203299 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module , a remote attacker ... oval:org.secpod.oval:def:203297 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module , a remote attacker ... oval:org.secpod.oval:def:1500436 Updated httpd packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for ... oval:org.secpod.oval:def:500713 The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 re ... oval:org.secpod.oval:def:500745 The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 re ... oval:org.secpod.oval:def:1600004 It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module , a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, pos ... oval:org.secpod.oval:def:500117 The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, ... oval:org.secpod.oval:def:106896 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:501219 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module , a remote attacker ... oval:org.secpod.oval:def:501221 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module , a remote attacker ... oval:org.secpod.oval:def:1503775 Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availabl ... oval:org.secpod.oval:def:106797 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:111125 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:111035 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:203967 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly use ... oval:org.secpod.oval:def:203966 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly use ... oval:org.secpod.oval:def:203965 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly use ... oval:org.secpod.oval:def:108487 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:501771 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after heade ... oval:org.secpod.oval:def:501613 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after heade ... oval:org.secpod.oval:def:108459 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:1504528 [2.2.15-45.0.1] - replace index.html with Oracle"s index page oracle_index.html - update vstring in specfile [2.2.15-45] - mod_proxy_balancer: add support for "drain mode" [2.2.15-44] - set SSLCipherSuite to DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES [2.2.15-43] - revert DirectoryMatch patch from ... oval:org.secpod.oval:def:109132 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:501848 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly use ... oval:org.secpod.oval:def:501849 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectl ... oval:org.secpod.oval:def:1501514 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly ... oval:org.secpod.oval:def:1501515 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly ... oval:org.secpod.oval:def:1501516 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly ... oval:org.secpod.oval:def:1600429 It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could p ... oval:org.secpod.oval:def:1600717 Apache HTTP Request Parsing Whitespace DefectsIt was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that inte ... oval:org.secpod.oval:def:502066 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If ... oval:org.secpod.oval:def:502013 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user"s browser. A remote attac ... oval:org.secpod.oval:def:1501929 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501837 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1200039 Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP requ ... oval:org.secpod.oval:def:109306 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:501639 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which htt ... oval:org.secpod.oval:def:501638 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which htt ... oval:org.secpod.oval:def:1501134 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which htt ... oval:org.secpod.oval:def:203694 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which htt ... oval:org.secpod.oval:def:109370 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:203703 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which htt ... oval:org.secpod.oval:def:1501121 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which htt ... oval:org.secpod.oval:def:1504916 httpd [2.4.37-39.0.1] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracles index page oracle_index.html [2.4.37-39] - prevent htcacheclean from while break when first file processed [2.4.37-38] - Resolves: #1918741 - Thousands of /tmp/modproxy.tmp.* files cre ... oval:org.secpod.oval:def:114244 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:1505575 [2.4.37-43.0.3.3] - Resolves: CVE-2021-33193 a crafted method sent through HTTP/2 will bypass validation [Orabug: 33942809] oval:org.secpod.oval:def:503274 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_auth_digest: access control bypass due to race condition * httpd: URL normalization inconsistency For more details about the security issue, including the impact, a CVSS ... oval:org.secpod.oval:def:205932 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_lua: Possible buffer overflow when parsing multipart content * httpd: mod_session: Heap overflow via a crafted SessionHeader value * httpd: NULL pointer dereference via m ... oval:org.secpod.oval:def:4501348 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_session_cookie does not respect expiry time * httpd: mod_proxy_uwsgi buffer overflow * httpd: mod_http2 concurrent pool usage For more details about the security issue, ... oval:org.secpod.oval:def:2500522 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:1506439 httpd [2.4.37-51.0.1.1] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracle"s index page oracle_index.html [2.4.37-51.1] - Resolves: #2165967 - prevent sscg creating /dhparams.pem - Resolves: #2165976 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write ... oval:org.secpod.oval:def:116205 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:205363 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_auth_digest: access control bypass due to race condition * httpd: URL normalization inconsistency For more details about the security issue, including the impact, a CVSS ... oval:org.secpod.oval:def:2600032 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:4501385 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:" * httpd: mod_session: Heap overflow via a crafted SessionHeader value For more details about the security is ... oval:org.secpod.oval:def:124950 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:205909 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_proxy: SSRF via a crafted request uri-path containing unix: For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other relat ... oval:org.secpod.oval:def:73612 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_session_cookie does not respect expiry time * httpd: mod_proxy_uwsgi buffer overflow * httpd: mod_http2 concurrent pool usage For more details about the security issue, ... oval:org.secpod.oval:def:1506451 [2.4.53-7.0.1] - Replace index.html with Oracle"s index page oracle_index.html. [2.4.53-7.1] - Resolves: #2165975 - prevent sscg creating /dhparams.pem - Resolves: #2165970 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte - Resolves: #2165973 - CVE-2022-37436 httpd: mod_proxy: ... oval:org.secpod.oval:def:503616 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_session_cookie does not respect expiry time * httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values * httpd: Out of bounds access afte ... oval:org.secpod.oval:def:2500620 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:507268 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_sed: Read/write beyond bounds * httpd: mod_lua: Use of uninitialized value of in r:parsebody * httpd: core: Possible buffer overflow with very large or unlimited LimitXML ... oval:org.secpod.oval:def:126439 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:1700890 A flaw was found in the mod_lua module of httpd. A crafted request body can cause a read to a random memory area due to an uninitialized value in functions called by the parsebody function. The highest treat of this vulnerability is availability. A flaw was found in httpd. The inbound connection is ... oval:org.secpod.oval:def:507391 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: httpd . Security Fix: * httpd: mod_sed: Read/write beyond bounds * httpd: mod_lua: Use of uninitialized value of in r:parsebod ... oval:org.secpod.oval:def:122526 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:2500567 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:1505425 httpd [2.4.37-43.1.0.1] - scoreboard: fix null pointer deference [Orabug: 33690670][CVE-2021-34798] - fix ap_escape_quote logic [Orabug: 33690686][CVE-2021-39275] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracle"s index page oracle_index.html. [2.4.37-43.1 ... oval:org.secpod.oval:def:1505672 mod_http2 [1.15.7-5] - Resolves: #2035030 - CVE-2021-44224 httpd:2.4/httpd: possible NULL dereference or SSRF in forward proxy configurations [1.15.7-4] - Resolves: #1966728 - CVE-2021-33193 httpd:2.4/mod_http2: httpd: Request splitting via HTTP/2 method injection and mod_proxy mod_md oval:org.secpod.oval:def:1505434 [2.4.6-97.0.5.4] - mod_session: save one apr_strtok [Orabug: 33338149][CVE-2021-26690] - replace index.html with Oracle"s index page oracle_index.html [2.4.6-97.4] - Resolves: #2031072 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests - Resolves: #2031074 - CVE-2021-39275 httpd ... oval:org.secpod.oval:def:68002 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: mod_http2 . Security Fix: * httpd: memory corruption on early pushes * httpd: read-after-free in h2 connection shutdown * htt ... oval:org.secpod.oval:def:1505203 httpd [2.4.37-41.0.1] - Add checks on the configured UDS path [Orabug: 33412270][CVE-2021-40438] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracles index page oracle_index.html [2.4.37-41] - Resolves: #1680111 - httpd sends reply to HTTPS GET using two TLS ... oval:org.secpod.oval:def:1505326 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:19500181 There's a null pointer dereference and server-side request forgery flaw in httpd's mod_proxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the adjacent network to the forward proxy that could cause a crash, or potentially SSRF via misdirected Unix Dom ... oval:org.secpod.oval:def:19500067 A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. Inconsistent Interpretation of HTTP Requests vuln ... oval:org.secpod.oval:def:503422 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_auth_digest: access control bypass due to race condition * httpd: URL normalization inconsistency For more details about the security issue, including the impact, a CVSS ... oval:org.secpod.oval:def:2600409 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:205549 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_session_cookie does not respect expiry time * httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values * httpd: Out of bounds access afte ... oval:org.secpod.oval:def:66469 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_auth_digest: access control bypass due to race condition * httpd: URL normalization inconsistency For more details about the security issue, including the impact, a CVSS ... oval:org.secpod.oval:def:124900 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:1505187 httpd [2.4.37-39.0.2.1] - mod_session: save one apr_strtok [Orabug: 33338149][CVE-2021-26690] oval:org.secpod.oval:def:2500482 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:1506153 httpd [2.4.37-51.0.1] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracles index page oracle_index.html [2.4.37-51] - Resolves: #2097015 - CVE-2022-28614 httpd:2.4/httpd: out-of-bounds read via ap_rwrite - Resolves: #2097031 - CVE-2022-28615 httpd:2.4/httpd: ... oval:org.secpod.oval:def:2500486 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:116603 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:76612 A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. oval:org.secpod.oval:def:76611 A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery ... oval:org.secpod.oval:def:506837 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling For more details about the security issue, including the impact, a CVSS score, acknowle ... oval:org.secpod.oval:def:205642 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications * httpd: Out of bounds read in mod_cache_socache can allow a re ... oval:org.secpod.oval:def:503208 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: Weak Digest auth nonce generation in mod_auth_digest For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related informat ... oval:org.secpod.oval:def:1700154 In Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads could execute arbitrary code with the privileges of the parent process by manipulating the scoreboard oval:org.secpod.oval:def:5800069 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: httpd . Security Fix: * httpd: mod_sed: Read/write beyond bounds * httpd: mod_lua: Use of uninitialized value of in r:parsebod ... oval:org.secpod.oval:def:1505929 httpd [2.4.37-47.0.2.2] - mod_proxy: ap_proxy_http_request to clear hop-by-hop first and fixup last [CVE-2022-31813][Orabug: 34381946] oval:org.secpod.oval:def:4501322 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_session: NULL pointer dereference when parsing Cookie header * httpd: Unexpected URL matching with "MergeSlashes OFF" For more details about the security issue, including ... oval:org.secpod.oval:def:1700803 There's a null pointer dereference and server-side request forgery flaw in httpd's mod_proxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the adjacent network to the forward proxy that could cause a crash, or potentially SSRF via misdirected Unix Dom ... oval:org.secpod.oval:def:507546 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_dav: out-of-bounds read/write of zero byte * httpd: mod_proxy_ajp: Possible request smuggling * httpd: mod_proxy: HTTP response splitting For more details about the secu ... oval:org.secpod.oval:def:502656 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: privilege escalation from modules scripts * httpd: mod_ssl: access control bypass when using per-location client certification authentication For more details about the secur ... oval:org.secpod.oval:def:504725 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: mod_http2 . Security Fix: * httpd: memory corruption on early pushes * httpd: read-after-free in h2 connection shutdown * htt ... oval:org.secpod.oval:def:120867 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:2500840 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:87150 [2.4.53-7.0.1] - Replace index.html with Oracles index page oracle_index.html. [2.4.53-7] - Resolves: #2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling - Resolves: #2097032 - CVE-2022-28615 httpd: out-of-bounds read in ap_strcmp_match - Resolves: #2098248 - CVE-2022-31813 ht ... oval:org.secpod.oval:def:2500943 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:507560 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_dav: out-of-bounds read/write of zero byte * httpd: mod_proxy_ajp: Possible request smuggling * httpd: mod_proxy: HTTP response splitting For more details about the secu ... oval:org.secpod.oval:def:121800 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:4501219 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_dav: out-of-bounds read/write of zero byte * httpd: mod_proxy_ajp: Possible request smuggling * httpd: mod_proxy: HTTP response splitting For more details about the secu ... oval:org.secpod.oval:def:506804 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling For more details about the security issue, including the impact, a CVSS score, acknowle ... oval:org.secpod.oval:def:506803 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling For more details about the security issue, including the impact, a CVSS score, acknowle ... oval:org.secpod.oval:def:2500144 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:1700123 In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. oval:org.secpod.oval:def:97571 [CLSA-2021:1633601543] Fixed CVE-2020-35452 in httpd oval:org.secpod.oval:def:97579 [CLSA-2021:1634745216] Fixed CVE-2021-39275 in httpd oval:org.secpod.oval:def:97612 [CLSA-2022:1648136177] Fixed CVEs in httpd: CVE-2022-22720, CVE-2022-22721 oval:org.secpod.oval:def:97649 [CLSA-2022:1656447241] Fixed CVEs in httpd: CVE-2022-31813, CVE-2022-28615, CVE-2022-26377 oval:org.secpod.oval:def:97677 [CLSA-2022:1663173256] Fixed CVE-2022-28614 in httpd oval:org.secpod.oval:def:97678 [CLSA-2022:1663591920] Fixed CVE-2022-28614 in httpd oval:org.secpod.oval:def:97705 [CLSA-2023:1675111939] httpd: Fix of CVE-2022-36760 oval:org.secpod.oval:def:97716 [CLSA-2023:1678136793] httpd: Fix of CVE-2006-20001 oval:org.secpod.oval:def:500320 The Apache HTTP Server is a popular web server. It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed requests, which caused the back-end server to be marked as failed in configurations where mod_proxy is used in loa ... oval:org.secpod.oval:def:201742 The Apache HTTP Server is a popular web server. It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed requests, which caused the back-end server to be marked as failed in configurations where mod_proxy is used in loa ... oval:org.secpod.oval:def:201748 The Apache HTTP Server is a popular web server. It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed requests, which caused the back-end server to be marked as failed in configurations where mod_proxy is used in loa ... oval:org.secpod.oval:def:114362 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:112611 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:113262 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:204608 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that the httpd"s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote ... oval:org.secpod.oval:def:107228 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:1502033 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502039 Several security issues were fixed in httpd. oval:org.secpod.oval:def:1500652 Updated httpd packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avai ... oval:org.secpod.oval:def:1500655 Updated httpd packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avai ... oval:org.secpod.oval:def:502150 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker ... oval:org.secpod.oval:def:502156 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker ... oval:org.secpod.oval:def:107376 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:1600771 A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. It was discovered that the use of http ... oval:org.secpod.oval:def:1600776 Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user"s .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. ... oval:org.secpod.oval:def:112588 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:113556 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:204571 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker ... oval:org.secpod.oval:def:204577 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker ... oval:org.secpod.oval:def:203359 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a thread ... oval:org.secpod.oval:def:502126 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that the httpd"s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote ... oval:org.secpod.oval:def:204546 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that the httpd"s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote ... oval:org.secpod.oval:def:502127 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that the httpd"s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote ... oval:org.secpod.oval:def:1501962 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1500635 A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd ch ... oval:org.secpod.oval:def:1501963 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1600109 A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module could send a specially crafted request that would cause the httpd child p ... oval:org.secpod.oval:def:501338 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a thread ... oval:org.secpod.oval:def:501339 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a thread ... oval:org.secpod.oval:def:203371 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a thread ... oval:org.secpod.oval:def:203375 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a thread ... oval:org.secpod.oval:def:500675 The Apache HTTP Server is a popular Web server. A flaw was found in the way the TLS/SSL protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client"s session . This could force the server to process an attacker"s request as if ... oval:org.secpod.oval:def:202112 The Apache HTTP Server is a popular Web server. A denial of service flaw was found in the Apache mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. A denial of service flaw was found in the Apach ... oval:org.secpod.oval:def:500531 The Apache HTTP Server is a popular Web server. A denial of service flaw was found in the Apache mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. A denial of service flaw was found in the Apach ... oval:org.secpod.oval:def:202212 The Apache HTTP Server is a popular and freely-available Web server. A flaw was found in the handling of compression structures between mod_ssl and OpenSSL. If too many connections were opened in a short period of time, all system memory and swap space would be consumed by httpd, negatively impactin ... oval:org.secpod.oval:def:202155 The Apache HTTP Server is a popular Web server. A denial of service flaw was found in the Apache mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. A denial of service flaw was found in the Apach ... oval:org.mitre.oval:def:8662 The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pac ... oval:org.secpod.oval:def:201984 The Apache HTTP Server is a popular and freely-available Web server. A flaw was found in the handling of compression structures between mod_ssl and OpenSSL. If too many connections were opened in a short period of time, all system memory and swap space would be consumed by httpd, negatively impactin ... oval:org.secpod.oval:def:202198 The Apache HTTP Server is a popular Web server. A flaw was found in the way the TLS/SSL protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client"s session . This could force the server to process an attacker"s request as if ... oval:org.secpod.oval:def:202179 The Apache HTTP Server is a popular Web server. A flaw was found in the way the TLS/SSL protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client"s session . This could force the server to process an attacker"s request as if ... oval:org.secpod.oval:def:500700 The Apache HTTP Server is a popular and freely-available Web server. A flaw was found in the handling of compression structures between mod_ssl and OpenSSL. If too many connections were opened in a short period of time, all system memory and swap space would be consumed by httpd, negatively impactin ... oval:org.secpod.oval:def:503200 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: Weak Digest auth nonce generation in mod_auth_digest For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related informat ... oval:org.secpod.oval:def:1502684 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:19500204 Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-suppli ... oval:org.secpod.oval:def:507591 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: HTTP request splitting with mod_rewrite and mod_proxy For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related informa ... oval:org.secpod.oval:def:19500508 Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. A flaw was found in httpd. This flaw allows an attacker opening an HTTP/2 connection with an initial window size of 0 to block handling of that connection indefinitely in the Ap ... oval:org.secpod.oval:def:1701916 Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. A flaw was found in httpd. This flaw allows an attacker opening an HTTP/2 connection with an initial window size of 0 to block handling of that connection indefinitely in the Ap ... oval:org.secpod.oval:def:1701229 Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-suppli ... |