Download
| Alert*
oval:org.secpod.oval:def:114243
mod_http2 is installed oval:org.secpod.oval:def:66576 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: Push diary crash on specifically crafted HTTP/2 header For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related inform ... oval:org.secpod.oval:def:120382 The mod_h2 Apache httpd module implements the HTTP2 protocol on top of libnghttp2 for httpd 2.4 servers. oval:org.secpod.oval:def:120384 The mod_h2 Apache httpd module implements the HTTP2 protocol on top of libnghttp2 for httpd 2.4 servers. oval:org.secpod.oval:def:2500313 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:4501253 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: Regression of CVE-2021-40438 and CVE-2021-26691 fixes in Rocky Linux 8.5 For more details about the security issue, including the impact, a CVSS score, acknowledgments, and ot ... oval:org.secpod.oval:def:1505327 httpd [2.4.37-43.0.1] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracle"s index page oracle_index.html. [2.4.37-43] - Related: #2007235 - CVE-2021-40438 httpd:2.4/httpd: mod_proxy: SSRF via a crafted request uri-path [2.4.37-42] - Resolves: #2007235 - CVE-2 ... oval:org.secpod.oval:def:1503039 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1505929 httpd [2.4.37-47.0.2.2] - mod_proxy: ap_proxy_http_request to clear hop-by-hop first and fixup last [CVE-2022-31813][Orabug: 34381946] oval:org.secpod.oval:def:4501322 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_session: NULL pointer dereference when parsing Cookie header * httpd: Unexpected URL matching with "MergeSlashes OFF" For more details about the security issue, including ... oval:org.secpod.oval:def:114242 The mod_h2 Apache httpd module implements the HTTP2 protocol on top of libnghttp2 for httpd 2.4 servers. oval:org.secpod.oval:def:507268 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_sed: Read/write beyond bounds * httpd: mod_lua: Use of uninitialized value of in r:parsebody * httpd: core: Possible buffer overflow with very large or unlimited LimitXML ... oval:org.secpod.oval:def:116142 The mod_h2 Apache httpd module implements the HTTP2 protocol on top of libnghttp2 for httpd 2.4 servers. oval:org.secpod.oval:def:2500250 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:503422 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_auth_digest: access control bypass due to race condition * httpd: URL normalization inconsistency For more details about the security issue, including the impact, a CVSS ... oval:org.secpod.oval:def:507546 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_dav: out-of-bounds read/write of zero byte * httpd: mod_proxy_ajp: Possible request smuggling * httpd: mod_proxy: HTTP response splitting For more details about the secu ... oval:org.secpod.oval:def:502656 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: privilege escalation from modules scripts * httpd: mod_ssl: access control bypass when using per-location client certification authentication For more details about the secur ... oval:org.secpod.oval:def:114319 The mod_h2 Apache httpd module implements the HTTP2 protocol on top of libnghttp2 for httpd 2.4 servers. oval:org.secpod.oval:def:66469 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_auth_digest: access control bypass due to race condition * httpd: URL normalization inconsistency For more details about the security issue, including the impact, a CVSS ... oval:org.secpod.oval:def:1505187 httpd [2.4.37-39.0.2.1] - mod_session: save one apr_strtok [Orabug: 33338149][CVE-2021-26690] oval:org.secpod.oval:def:2500482 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:116130 The mod_h2 Apache httpd module implements the HTTP2 protocol on top of libnghttp2 for httpd 2.4 servers. oval:org.secpod.oval:def:1506153 httpd [2.4.37-51.0.1] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracles index page oracle_index.html [2.4.37-51] - Resolves: #2097015 - CVE-2022-28614 httpd:2.4/httpd: out-of-bounds read via ap_rwrite - Resolves: #2097031 - CVE-2022-28615 httpd:2.4/httpd: ... oval:org.secpod.oval:def:504725 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: mod_http2 . Security Fix: * httpd: memory corruption on early pushes * httpd: read-after-free in h2 connection shutdown * htt ... oval:org.secpod.oval:def:1505425 httpd [2.4.37-43.1.0.1] - scoreboard: fix null pointer deference [Orabug: 33690670][CVE-2021-34798] - fix ap_escape_quote logic [Orabug: 33690686][CVE-2021-39275] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracle"s index page oracle_index.html. [2.4.37-43.1 ... oval:org.secpod.oval:def:2500522 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:2500840 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:1506439 httpd [2.4.37-51.0.1.1] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracle"s index page oracle_index.html [2.4.37-51.1] - Resolves: #2165967 - prevent sscg creating /dhparams.pem - Resolves: #2165976 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write ... oval:org.secpod.oval:def:2500943 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:4501385 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:" * httpd: mod_session: Heap overflow via a crafted SessionHeader value For more details about the security is ... oval:org.secpod.oval:def:1505672 mod_http2 [1.15.7-5] - Resolves: #2035030 - CVE-2021-44224 httpd:2.4/httpd: possible NULL dereference or SSRF in forward proxy configurations [1.15.7-4] - Resolves: #1966728 - CVE-2021-33193 httpd:2.4/mod_http2: httpd: Request splitting via HTTP/2 method injection and mod_proxy mod_md oval:org.secpod.oval:def:1700159 In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. oval:org.secpod.oval:def:4501219 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_dav: out-of-bounds read/write of zero byte * httpd: mod_proxy_ajp: Possible request smuggling * httpd: mod_proxy: HTTP response splitting For more details about the secu ... oval:org.secpod.oval:def:68002 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: mod_http2 . Security Fix: * httpd: memory corruption on early pushes * httpd: read-after-free in h2 connection shutdown * htt ... oval:org.secpod.oval:def:116679 The mod_h2 Apache httpd module implements the HTTP2 protocol on top of libnghttp2 for httpd 2.4 servers. oval:org.secpod.oval:def:1505203 httpd [2.4.37-41.0.1] - Add checks on the configured UDS path [Orabug: 33412270][CVE-2021-40438] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracles index page oracle_index.html [2.4.37-41] - Resolves: #1680111 - httpd sends reply to HTTPS GET using two TLS ... oval:org.secpod.oval:def:506804 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling For more details about the security issue, including the impact, a CVSS score, acknowle ... oval:org.secpod.oval:def:1505326 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:2500144 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:115253 The mod_h2 Apache httpd module implements the HTTP2 protocol on top of libnghttp2 for httpd 2.4 servers. oval:org.secpod.oval:def:1700094 In Apache HTTP Server, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. oval:org.secpod.oval:def:115242 The mod_h2 Apache httpd module implements the HTTP2 protocol on top of libnghttp2 for httpd 2.4 servers. oval:org.secpod.oval:def:115361 The mod_h2 Apache httpd module implements the HTTP2 protocol on top of libnghttp2 for httpd 2.4 servers. oval:org.secpod.oval:def:126440 The mod_h2 Apache httpd module implements the HTTP2 protocol on top of libnghttp2 for httpd 2.4 servers. oval:org.secpod.oval:def:1504916 httpd [2.4.37-39.0.1] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracles index page oracle_index.html [2.4.37-39] - prevent htcacheclean from while break when first file processed [2.4.37-38] - Resolves: #1918741 - Thousands of /tmp/modproxy.tmp.* files cre ... oval:org.secpod.oval:def:4501348 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_session_cookie does not respect expiry time * httpd: mod_proxy_uwsgi buffer overflow * httpd: mod_http2 concurrent pool usage For more details about the security issue, ... oval:org.secpod.oval:def:2500486 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:118620 The mod_h2 Apache httpd module implements the HTTP2 protocol on top of libnghttp2 for httpd 2.4 servers. oval:org.secpod.oval:def:118615 The mod_h2 Apache httpd module implements the HTTP2 protocol on top of libnghttp2 for httpd 2.4 servers. oval:org.secpod.oval:def:73612 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_session_cookie does not respect expiry time * httpd: mod_proxy_uwsgi buffer overflow * httpd: mod_http2 concurrent pool usage For more details about the security issue, ... oval:org.secpod.oval:def:2600603 The mod_http2 Apache httpd module implements the HTTP2 protocol on top of libnghttp2 for httpd 2.4 servers. oval:org.secpod.oval:def:2600597 The mod_h2 Apache httpd module implements the HTTP2 protocol on top of libnghttp2 for httpd 2.4 servers. oval:org.secpod.oval:def:1502684 The advisory is missing the security advisory description. For more information please visit the reference link |