Download
| Alert*
oval:org.secpod.oval:def:19500181
There's a null pointer dereference and server-side request forgery flaw in httpd's mod_proxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the adjacent network to the forward proxy that could cause a crash, or potentially SSRF via misdirected Unix Dom ... oval:org.secpod.oval:def:5800069 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: httpd . Security Fix: * httpd: mod_sed: Read/write beyond bounds * httpd: mod_lua: Use of uninitialized value of in r:parsebod ... oval:org.secpod.oval:def:507268 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_sed: Read/write beyond bounds * httpd: mod_lua: Use of uninitialized value of in r:parsebody * httpd: core: Possible buffer overflow with very large or unlimited LimitXML ... oval:org.secpod.oval:def:1601532 A flaw was found in the mod_lua module of httpd. A crafted request body can cause a read to a random memory area due to an uninitialized value in functions called by the parsebody function. The highest treat of this vulnerability is availability. A flaw was found in httpd. The inbound connection is ... oval:org.secpod.oval:def:89046156 This update for apache2 fixes the following issues: - CVE-2022-22720: HTTP request smuggling due to incorrect error handling . - CVE-2022-22721: possible buffer overflow with very large or unlimited LimitXMLRequestBody . oval:org.secpod.oval:def:121783 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:89046151 This update for apache2 fixes the following issues: - CVE-2022-23943: heap out-of-bounds write in mod_sed . - CVE-2022-22720: HTTP request smuggling due to incorrect error handling . - CVE-2022-22719: use of uninitialized value of in r:parsebody in mod_lua . - CVE-2022-22721: possible buffer overflo ... oval:org.secpod.oval:def:1700890 A flaw was found in the mod_lua module of httpd. A crafted request body can cause a read to a random memory area due to an uninitialized value in functions called by the parsebody function. The highest treat of this vulnerability is availability. A flaw was found in httpd. The inbound connection is ... oval:org.secpod.oval:def:507391 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: httpd . Security Fix: * httpd: mod_sed: Read/write beyond bounds * httpd: mod_lua: Use of uninitialized value of in r:parsebod ... oval:org.secpod.oval:def:2107667 Oracle Solaris 11 - ( CVE-2022-22720 ) oval:org.secpod.oval:def:1506153 httpd [2.4.37-51.0.1] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracles index page oracle_index.html [2.4.37-51] - Resolves: #2097015 - CVE-2022-28614 httpd:2.4/httpd: out-of-bounds read via ap_rwrite - Resolves: #2097031 - CVE-2022-28615 httpd:2.4/httpd: ... oval:org.secpod.oval:def:2500840 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:83792 The host is installed with Apache Http Server before 2.5.2 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle integer overflow. Successful exploitation could allow remote attacker to overflow a buffer and execute arbitrary code on the system ... oval:org.secpod.oval:def:81378 A flaw was found in httpd, where it incorrectly limits the value of the LimitXMLRequestBody option. This issue can lead to an integer overflow and later causes an out-of-bounds write. oval:org.secpod.oval:def:89973 The remote host is missing a patch 152644-16 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:87150 [2.4.53-7.0.1] - Replace index.html with Oracles index page oracle_index.html. [2.4.53-7] - Resolves: #2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling - Resolves: #2097032 - CVE-2022-28615 httpd: out-of-bounds read in ap_strcmp_match - Resolves: #2098248 - CVE-2022-31813 ht ... oval:org.secpod.oval:def:4500970 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_sed: Read/write beyond bounds * httpd: mod_lua: Use of uninitialized value of in r:parsebody * httpd: core: Possible buffer overflow with very large or unlimited LimitXML ... oval:org.secpod.oval:def:2600032 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:121800 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:89969 The remote host is missing a patch 152643-16 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:89046172 This update for apache2 fixes the following issues: - CVE-2022-23943: heap out-of-bounds write in mod_sed . - CVE-2022-22720: HTTP request smuggling due to incorrect error handling . - CVE-2022-22719: use of uninitialized value of in r:parsebody in mod_lua . - CVE-2022-22721: possible buffer overflo ... oval:org.secpod.oval:def:89046173 This update for apache2 fixes the following issues: - CVE-2022-23943: heap out-of-bounds write in mod_sed . - CVE-2022-22720: HTTP request smuggling due to incorrect error handling . - CVE-2022-22719: use of uninitialized value of in r:parsebody in mod_lua . - CVE-2022-22721: possible buffer overflo ... oval:org.secpod.oval:def:706353 apache2: Apache HTTP server Several security issues were fixed in Apache HTTP Server. oval:org.secpod.oval:def:507178 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_sed: Read/write beyond bounds * httpd: Request splitting via HTTP/2 method injection and mod_proxy * httpd: NULL pointer dereference via malformed requests * httpd: mod_ ... oval:org.secpod.oval:def:79886 apache2: Apache HTTP server Several security issues were fixed in Apache HTTP Server. oval:org.secpod.oval:def:80148 The host is missing a security update according to Apple advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle multiple issues. Successful exploitation allow attackers to execute arbitrary code, cause denial of service or di ... oval:org.secpod.oval:def:89047577 This update for apache2 fixes the following issues: - CVE-2022-23943: heap out-of-bounds write in mod_sed . - CVE-2022-22720: HTTP request smuggling due to incorrect error handling . - CVE-2022-22719: use of uninitialized value of in r:parsebody in mod_lua . - CVE-2022-22721: possible buffer overflo ... oval:org.secpod.oval:def:80065 The host is missing a security update according to Apple advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle multiple issues. Successful exploitation allow attackers to execute arbitrary code, cause denial of service or di ... oval:org.secpod.oval:def:89046164 This update for apache2 fixes the following issues: - CVE-2022-23943: heap out-of-bounds write in mod_sed . - CVE-2022-22720: HTTP request smuggling due to incorrect error handling . - CVE-2022-22719: use of uninitialized value of in r:parsebody in mod_lua . - CVE-2022-22721: possible buffer overflo ... oval:org.secpod.oval:def:97612 [CLSA-2022:1648136177] Fixed CVEs in httpd: CVE-2022-22720, CVE-2022-22721 oval:org.secpod.oval:def:80066 The host is missing a security update according to Apple advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle multiple issues. Successful exploitation allow attackers to execute arbitrary code, cause denial of service or di ... oval:org.secpod.oval:def:80134 The host is installed with Apple Catalina before 19H1922 or Apple Mac OS 12 before 12.4 or Apple Mac OS before 11.6.6 and is prone to multiple vulnerabilities. A flaw is present in the application, which fails to properly handle a validation issue. On successful exploitation, processing a maliciousl ... |