Download
| Alert*
oval:org.secpod.oval:def:2100418
Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end a ... oval:org.secpod.oval:def:89044016 This update for apache2 fixes the following issues: Security issues fixed: - CVE-2016-8743: Fixed liberal whitespace interpretation accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain o ... oval:org.secpod.oval:def:89044694 This update for apache2 fixes the following issues: Security issues fixed: - CVE-2016-2161: Malicious input to mod_auth_digest could have caused the server to crash, resulting in DoS . - CVE-2016-8743: Added new directive HttpProtocolOptions Strict to avoid proxy chain misinterpretation . oval:org.secpod.oval:def:504960 The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. The httpd24 Software Collection has been upgraded to version 2.4.25, which provides a number ... oval:org.secpod.oval:def:41593 The host is installed with Apache HTTP Server 2.2.x through 2.2.32 or 2.4.x before 2.4.25 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle whitespace accepted from requests. Successful exploitation could allow remote attackers to perform reque ... oval:org.secpod.oval:def:89002111 This update for apache2 fixes the following issues: Security issues fixed: - CVE-2016-8743: Fixed liberal whitespace interpretation accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain o ... oval:org.secpod.oval:def:39598 The host is installed with Apple Mac OS X 10.8 before 10.13 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:204470 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user"s browser. A remote attac ... oval:org.secpod.oval:def:89044749 This update for apache2 fixes the following security issues: Security issues fixed: - CVE-2016-0736: Protect mod_session_crypto data with a MAC to prevent padding oracle attacks . - CVE-2016-2161: Malicious input to mod_auth_digest could have caused the server to crash, resulting in DoS . - CVE-2016 ... oval:org.secpod.oval:def:204540 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If ... oval:org.secpod.oval:def:1000747 The remote host is missing a patch 152643-03 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:1000780 The remote host is missing a patch 152644-03 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:111790 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:111793 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:1800760 CVE-2016-0736: Padding Oracle in Apache mod_session_crypto. Affects: 2.4.1 to 2.4.23 Fixed in: 2.4.25 oval:org.secpod.oval:def:1501929 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:502013 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user"s browser. A remote attac ... oval:org.secpod.oval:def:1600717 Apache HTTP Request Parsing Whitespace DefectsIt was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that inte ... oval:org.secpod.oval:def:502066 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If ... oval:org.secpod.oval:def:51785 apache2: Apache HTTP server Several security issues were fixed in Apache HTTP Server. oval:org.secpod.oval:def:703588 apache2: Apache HTTP server Several security issues were fixed in Apache HTTP Server. oval:org.secpod.oval:def:1800360 CVE-2016-0736: Padding Oracle in Apache mod_session_crypto Affects: 2.4.1 to 2.4.23 Fixed in: 2.4.25 oval:org.secpod.oval:def:1501837 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1600495 The following security-related issues were fixed:Padding oracle vulnerability in Apache mod_session_crypto DoS vulnerability in mod_auth_digest Apache HTTP request parsing whitespace defects oval:org.secpod.oval:def:602823 DSA-3796-1 for apache2 introduced a regression in sitesummary: fixing CVE-2016-8743 meant being more stringent when dealing with whitespace patterns in HTTP requests, and that change broke the upload tool of sitesummary-client. oval:org.secpod.oval:def:602781 Several vulnerabilities were discovered in the Apache2 HTTP server. CVE-2016-0736 RedTeam Pentesting GmbH discovered that mod_session_crypto was vulnerable to padding oracle attacks, which could allow an attacker to guess the session cookie. CVE-2016-2161 Maksim Malyutin discovered that malicious in ... oval:org.secpod.oval:def:42910 The host is missing a security update according to Apple advisory, APPLE-SA-2017-10-31-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary ... oval:org.secpod.oval:def:1600742 ap_find_token buffer overread:A buffer over-read flaw was found in the httpds ap_find_token function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. Apache HTTP Request Parsing Whitespace Defects:It was discovered that the HTTP parse ... oval:org.secpod.oval:def:54501 The host is installed with Apple Mac OS 10.8 through 10.13 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle the authentication API. Successful exploitation allows remote attackers to bypass required authentication if the API was used ... oval:org.secpod.oval:def:39718 The host is missing a security update according to Apple advisory, APPLE-SA-2017-03-27-3. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary ... |