oval:org.secpod.oval:def:1504529 mod_ssl is installed
oval:org.secpod.oval:def:2500313 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
oval:org.secpod.oval:def:4501253 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: Regression of CVE-2021-40438 and CVE-2021-26691 fixes in Rocky Linux 8.5 For more details about the security issue, including the impact, a CVSS score, acknowledgments, and ot ...
oval:org.secpod.oval:def:1505327 httpd [2.4.37-43.0.1] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracle's index page oracle_index.html. [2.4.37-43] - Related: #2007235 - CVE-2021-40438 httpd:2.4/httpd: mod_proxy: SSRF via a crafted request uri-path [2.4.37-42] - Resolves: #2007235 - CVE-2 ...
oval:org.secpod.oval:def:19500181 There's a null pointer dereference and server-side request forgery flaw in httpd's mod_proxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the adjacent network to the forward proxy that could cause a crash, or potentially SSRF via misdirected Unix Dom ...
oval:org.secpod.oval:def:5800069 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: httpd. Security Fix: * httpd: mod_sed: Read/write beyond bounds * httpd: mod_lua: Use of uninitialized value of in r:parsebod ...
oval:org.secpod.oval:def:1505929 httpd [2.4.37-47.0.2.2] - mod_proxy: ap_proxy_http_request to clear hop-by-hop first and fixup last [CVE-2022-31813][Orabug: 34381946]
oval:org.secpod.oval:def:4501322 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_session: NULL pointer dereference when parsing Cookie header * httpd: Unexpected URL matching with "MergeSlashes OFF" For more details about the security issue, including ...
oval:org.secpod.oval:def:19500067 A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. Inconsistent Interpretation of HTTP Requests vuln ...
oval:org.secpod.oval:def:1700803 There's a null pointer dereference and server-side request forgery flaw in httpd's mod_proxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the adjacent network to the forward proxy that could cause a crash, or potentially SSRF via misdirected Unix Dom ...
oval:org.secpod.oval:def:507268 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_sed: Read/write beyond bounds * httpd: mod_lua: Use of uninitialized value of in r:parsebody * httpd: core: Possible buffer overflow with very large or unlimited LimitXML ...
oval:org.secpod.oval:def:507546 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_dav: out-of-bounds read/write of zero byte * httpd: mod_proxy_ajp: Possible request smuggling * httpd: mod_proxy: HTTP response splitting For more details about the secu ...
oval:org.secpod.oval:def:1505575 [2.4.37-43.0.3.3] - Resolves: CVE-2021-33193 a crafted method sent through HTTP/2 will bypass validation [Orabug: 33942809]
oval:org.secpod.oval:def:2600409 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
oval:org.secpod.oval:def:1700890 A flaw was found in the mod_lua module of httpd. A crafted request body can cause a read to a random memory area due to an uninitialized value in functions called by the parsebody function. The highest threat of this vulnerability is availability. A flaw was found in httpd. The inbound connection is ...
oval:org.secpod.oval:def:507391 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: httpd. Security Fix: * httpd: mod_sed: Read/write beyond bounds * httpd: mod_lua: Use of uninitialized value of in r:parsebod ...
oval:org.secpod.oval:def:1505187 httpd [2.4.37-39.0.2.1] - mod_session: save one apr_strtok [Orabug: 33338149][CVE-2021-26690]
oval:org.secpod.oval:def:2500482 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
oval:org.secpod.oval:def:205932 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_lua: Possible buffer overflow when parsing multipart content * httpd: mod_session: Heap overflow via a crafted SessionHeader value * httpd: NULL pointer dereference via m ...
oval:org.secpod.oval:def:1506153 httpd [2.4.37-51.0.1] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracles index page oracle_index.html [2.4.37-51] - Resolves: #2097015 - CVE-2022-28614 httpd:2.4/httpd: out-of-bounds read via ap_rwrite - Resolves: #2097031 - CVE-2022-28615 httpd:2.4/httpd: ...
oval:org.secpod.oval:def:2500567 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
oval:org.secpod.oval:def:1505425 httpd [2.4.37-43.1.0.1] - scoreboard: fix null pointer deference [Orabug: 33690670][CVE-2021-34798] - fix ap_escape_quote logic [Orabug: 33690686][CVE-2021-39275] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracle's index page oracle_index.html. [2.4.37-43.1 ...
oval:org.secpod.oval:def:2500522 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
oval:org.secpod.oval:def:2500840 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
oval:org.secpod.oval:def:1506439 httpd [2.4.37-51.0.1.1] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracle's index page oracle_index.html [2.4.37-51.1] - Resolves: #2165967 - prevent sscg creating /dhparams.pem - Resolves: #2165976 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write ...
oval:org.secpod.oval:def:87150 [2.4.53-7.0.1] - Replace index.html with Oracles index page oracle_index.html. [2.4.53-7] - Resolves: #2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling - Resolves: #2097032 - CVE-2022-28615 httpd: out-of-bounds read in ap_strcmp_match - Resolves: #2098248 - CVE-2022-31813 ht ...
oval:org.secpod.oval:def:2500943 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
oval:org.secpod.oval:def:2600032 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
oval:org.secpod.oval:def:507560 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_dav: out-of-bounds read/write of zero byte * httpd: mod_proxy_ajp: Possible request smuggling * httpd: mod_proxy: HTTP response splitting For more details about the secu ...
oval:org.secpod.oval:def:4501385 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:" * httpd: mod_session: Heap overflow via a crafted SessionHeader value For more details about the security is ...
oval:org.secpod.oval:def:1505672 mod_http2 [1.15.7-5] - Resolves: #2035030 - CVE-2021-44224 httpd:2.4/httpd: possible NULL dereference or SSRF in forward proxy configurations [1.15.7-4] - Resolves: #1966728 - CVE-2021-33193 httpd:2.4/mod_http2: httpd: Request splitting via HTTP/2 method injection and mod_proxy mod_md
oval:org.secpod.oval:def:1505434 [2.4.6-97.0.5.4] - mod_session: save one apr_strtok [Orabug: 33338149][CVE-2021-26690] - replace index.html with Oracle's index page oracle_index.html [2.4.6-97.4] - Resolves: #2031072 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests - Resolves: #2031074 - CVE-2021-39275 httpd ...
oval:org.secpod.oval:def:506837 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling For more details about the security issue, including the impact, a CVSS score, acknowle ...
oval:org.secpod.oval:def:4501219 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_dav: out-of-bounds read/write of zero byte * httpd: mod_proxy_ajp: Possible request smuggling * httpd: mod_proxy: HTTP response splitting For more details about the secu ...
oval:org.secpod.oval:def:205909 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_proxy: SSRF via a crafted request uri-path containing unix: For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other relat ...
oval:org.secpod.oval:def:1505203 httpd [2.4.37-41.0.1] - Add checks on the configured UDS path [Orabug: 33412270][CVE-2021-40438] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracles index page oracle_index.html [2.4.37-41] - Resolves: #1680111 - httpd sends reply to HTTPS GET using two TLS ...
oval:org.secpod.oval:def:1506451 [2.4.53-7.0.1] - Replace index.html with Oracle's index page oracle_index.html. [2.4.53-7.1] - Resolves: #2165975 - prevent sscg creating /dhparams.pem - Resolves: #2165970 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte - Resolves: #2165973 - CVE-2022-37436 httpd: mod_proxy: ...
oval:org.secpod.oval:def:506804 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling For more details about the security issue, including the impact, a CVSS score, acknowle ...
oval:org.secpod.oval:def:506803 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling For more details about the security issue, including the impact, a CVSS score, acknowle ...
oval:org.secpod.oval:def:1505326 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:2500620 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
oval:org.secpod.oval:def:2500144 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
oval:org.secpod.oval:def:97571 [CLSA-2021:1633601543] Fixed CVE-2020-35452 in httpd
oval:org.secpod.oval:def:97579 [CLSA-2021:1634745216] Fixed CVE-2021-39275 in httpd
oval:org.secpod.oval:def:97612 [CLSA-2022:1648136177] Fixed CVEs in httpd: CVE-2022-22720, CVE-2022-22721
oval:org.secpod.oval:def:97649 [CLSA-2022:1656447241] Fixed CVEs in httpd: CVE-2022-31813, CVE-2022-28615, CVE-2022-26377
oval:org.secpod.oval:def:97677 [CLSA-2022:1663173256] Fixed CVE-2022-28614 in httpd
oval:org.secpod.oval:def:97678 [CLSA-2022:1663591920] Fixed CVE-2022-28614 in httpd
oval:org.secpod.oval:def:97705 [CLSA-2023:1675111939] httpd: Fix of CVE-2022-36760
oval:org.secpod.oval:def:97716 [CLSA-2023:1678136793] httpd: Fix of CVE-2006-20001
oval:org.secpod.oval:def:1504916 httpd [2.4.37-39.0.1] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracles index page oracle_index.html [2.4.37-39] - prevent htcacheclean from while break when first file processed [2.4.37-38] - Resolves: #1918741 - Thousands of /tmp/modproxy.tmp.* files cre ...
oval:org.secpod.oval:def:4501348 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_session_cookie does not respect expiry time * httpd: mod_proxy_uwsgi buffer overflow * httpd: mod_http2 concurrent pool usage For more details about the security issue, ...
oval:org.secpod.oval:def:2500486 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
oval:org.secpod.oval:def:73612 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_session_cookie does not respect expiry time * httpd: mod_proxy_uwsgi buffer overflow * httpd: mod_http2 concurrent pool usage For more details about the security issue, ...
oval:org.secpod.oval:def:1701229 Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-suppli ...
oval:org.secpod.oval:def:507591 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: HTTP request splitting with mod_rewrite and mod_proxy For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related informa ...
oval:org.secpod.oval:def:19500508 Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57. A flaw was found in httpd. This flaw allows an attacker opening an HTTP/2 connection with an initial window size of 0 to block handling of that connection indefinitely in the Ap ...
oval:org.secpod.oval:def:509261 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: httpd: mod_macro: out-of-bounds read vulnerability For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer ...
oval:org.secpod.oval:def:1701916 Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57. A flaw was found in httpd. This flaw allows an attacker opening an HTTP/2 connection with an initial window size of 0 to block handling of that connection indefinitely in the Ap ...
oval:org.secpod.oval:def:19500204 Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-suppli ...
oval:org.secpod.oval:def:2600562 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.