Download
| Alert*
oval:org.secpod.oval:def:42677
The host is installed with Apache HTTP Server 2.4.17 through 2.4.23 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle exceptional conditions. Successful exploitation could allow remote attackers to cause a denial of service. oval:org.secpod.oval:def:41600 The host is installed with Apache HTTP Server 2.2.x before 2.2.34 and 2.4.x before 2.4.27 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle mod_mime. Successful exploitation could allow remote attackers to leak confidential informati ... oval:org.secpod.oval:def:111705 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:111701 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:47260 The host is installed with Apache HTTP Server 2.2.x before 2.2.32 or 2.4.x before 2.4.24 and is prone to a CRLF Injection vulnerability. A flaw is present in the application, which fails to handle the Location or other outbound header key or value. Successful exploitation could allow remote attacker ... oval:org.secpod.oval:def:55064 The host is installed with Apache HTTP Server 2.4.x through 2.4.37 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle the mod_session expiry time check issue. Successful exploitation could allow attackers to ignore session expiry tim ... oval:org.secpod.oval:def:502656 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: privilege escalation from modules scripts * httpd: mod_ssl: access control bypass when using per-location client certification authentication For more details about the secur ... oval:org.secpod.oval:def:116603 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:116205 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:1700154 In Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads could execute arbitrary code with the privileges of the parent process by manipulating the scoreboard oval:org.secpod.oval:def:1700123 In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. oval:org.secpod.oval:def:113556 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:114362 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:204571 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker ... oval:org.secpod.oval:def:204577 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker ... oval:org.secpod.oval:def:113262 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:1502033 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502039 Several security issues were fixed in httpd. oval:org.secpod.oval:def:204608 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that the httpd"s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote ... oval:org.secpod.oval:def:41596 The host is installed with Apache HTTP Server 2.2.x through 2.2.33 or 2.4.x before 2.4.26 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase. Success ... oval:org.secpod.oval:def:502150 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker ... oval:org.secpod.oval:def:502156 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker ... oval:org.secpod.oval:def:1600771 A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. It was discovered that the use of http ... oval:org.secpod.oval:def:502126 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that the httpd"s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote ... oval:org.secpod.oval:def:204546 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that the httpd"s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote ... oval:org.secpod.oval:def:502127 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that the httpd"s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote ... oval:org.secpod.oval:def:1501962 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501963 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:503200 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: Weak Digest auth nonce generation in mod_auth_digest For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related informat ... |