Download
| Alert*
oval:org.secpod.oval:def:89044038
This update for apache2 fixes the following issues: - Fixed potential content spoofing with default error pages oval:org.secpod.oval:def:116999 This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate provisioning. These will be configured for managed domains and their virtual hosts automatically. This includes renewal of certificates before they expir ... oval:org.secpod.oval:def:116998 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:59582 It was reported that the apache2 update released as DSA 4509-1 incorrectly fixed CVE-2019-10092. Updated apache2 packages are now available to correct this issue. For reference, the relevant part of the original advisory text follows. CVE-2019-10092 Matei "Mal" Badanoiu reported a limited ... oval:org.secpod.oval:def:1700256 A cross-site scripting vulnerability was found in Apache httpd, affecting the mod_proxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation.A vulnerability was discovered in Apache htt ... oval:org.secpod.oval:def:58422 apache2: Apache HTTP server Several security issues were fixed in Apache. oval:org.secpod.oval:def:58227 The host is installed with Apache HTTP Server 2.4.0 through 2.4.39 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle malformed links in the mod_proxy error page. Successful exploitation could allow attackers to cause the link o ... oval:org.secpod.oval:def:58856 apache2: Apache HTTP server Several security issues were fixed in Apache. oval:org.secpod.oval:def:69916 It was reported that the apache2 update released as DSA 4509-1 incorrectly fixed CVE-2019-10092. Updated apache2 packages are now available to correct this issue. For reference, the relevant part of the original advisory text follows. CVE-2019-10092 Matei Mal Badanoiu reported a limited cross-site s ... oval:org.secpod.oval:def:604565 It was reported that the apache2 update released as DSA 4509-1 incorrectly fixed CVE-2019-10092. Updated apache2 packages are now available to correct this issue. For reference, the relevant part of the original advisory text follows. CVE-2019-10092 Matei quot;Malquot; Badanoiu reported a limited cr ... oval:org.secpod.oval:def:504725 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: mod_http2 . Security Fix: * httpd: memory corruption on early pushes * httpd: read-after-free in h2 connection shutdown * htt ... oval:org.secpod.oval:def:1504457 httpd [2.4.37-13.0.1] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracles index page oracle_index.html [2.4.37-30] - Resolves: #1209162 - support logging to journald from CustomLog [2.4.37-29] - Resolves: #1823263 - CVE-2020-1934 httpd: mod_proxy_ftp use of ... oval:org.secpod.oval:def:68002 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: mod_http2 . Security Fix: * httpd: memory corruption on early pushes * httpd: read-after-free in h2 connection shutdown * htt ... oval:org.secpod.oval:def:89045078 This update for apache2 fixes the following issues: - CVE-2021-30641: Fixed MergeSlashes regression - CVE-2021-31618: Fixed NULL pointer dereference on specially crafted HTTP/2 request - CVE-2020-35452: Fixed Single zero byte stack overflow in mod_auth_digest - CVE-2021-26690: Fixed mod_session N ... oval:org.secpod.oval:def:2500144 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:504878 The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. Security Fix: * httpd: mod_session_cookie does not respect expiry time * httpd: mod_auth_di ... oval:org.secpod.oval:def:69904 Several vulnerabilities have been found in the Apache HTTPD server. CVE-2019-9517 Jonathan Looney reported that a malicious client could perform a denial of service attack by flooding a connection with requests and basically never reading responses on the TCP connection. CVE-2019-10081 Craig Young ... oval:org.secpod.oval:def:89003349 This update for apache2 fixes the following issues: Security issues fixed: - CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering . - CVE-2019-10081: Fixed mod_http2 that is vulnerable to memory corruption on early pushes . - CVE-2019-10082: Fixed m ... oval:org.secpod.oval:def:604505 Several vulnerabilities have been found in the Apache HTTPD server. CVE-2019-9517 Jonathan Looney reported that a malicious client could perform a denial of service attack by flooding a connection with requests and basically never reading responses on the TCP connection. CVE-2019-10081 Craig Young ... oval:org.secpod.oval:def:58348 Several vulnerabilities have been found in the Apache HTTPD server. CVE-2019-9517 Jonathan Looney reported that a malicious client could perform a denial of service attack by flooding a connection with requests and basically never reading responses on the TCP connection. CVE-2019-10081 Craig Young ... oval:org.secpod.oval:def:58420 apache2: Apache HTTP server Several security issues were fixed in Apache. oval:org.secpod.oval:def:58421 apache2: Apache HTTP server Several security issues were fixed in Apache. oval:org.secpod.oval:def:58855 apache2: Apache HTTP server Several security issues were fixed in Apache. oval:org.secpod.oval:def:90247 The remote host is missing a patch 152643-08 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:90249 The remote host is missing a patch 152644-08 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:89050824 This update for apache2 fixes the following issues: Security issues fixed: - CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering . - CVE-2019-10081: Fixed mod_http2 that is vulnerable to memory corruption on early pushes . - CVE-2019-10082: Fixed m ... oval:org.secpod.oval:def:2105185 In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with prox ... oval:org.secpod.oval:def:1601069 A vulnerability was found in Apache httpd, in mod_http2. Under certain circumstances, HTTP/2 early pushes could lead to memory corruption, causing a server to crash.A read-after-free vulnerability was discovered in Apache httpd, in mod_http2. A specially crafted http/2 client session could cause the ... |