Download
| Alert*
oval:org.secpod.oval:def:42677
The host is installed with Apache HTTP Server 2.4.17 through 2.4.23 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle exceptional conditions. Successful exploitation could allow remote attackers to cause a denial of service. oval:org.secpod.oval:def:111705 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:111701 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:116603 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:116205 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:502656 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: privilege escalation from modules scripts * httpd: mod_ssl: access control bypass when using per-location client certification authentication For more details about the secur ... oval:org.secpod.oval:def:1700154 In Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads could execute arbitrary code with the privileges of the parent process by manipulating the scoreboard oval:org.secpod.oval:def:1700123 In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. oval:org.secpod.oval:def:114362 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:1501962 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501963 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:204608 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that the httpd"s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote ... oval:org.secpod.oval:def:503200 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: Weak Digest auth nonce generation in mod_auth_digest For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related informat ... oval:org.secpod.oval:def:55064 The host is installed with Apache HTTP Server 2.4.x through 2.4.37 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle the mod_session expiry time check issue. Successful exploitation could allow attackers to ignore session expiry tim ... |