Download
| Alert*
|
oval:org.secpod.oval:def:89045075
This update for apache2 fixes the following issues: - fixed CVE-2021-30641 [bsc#1187174]: MergeSlashes regression - fixed CVE-2020-35452 [bsc#1186922]: Single zero byte stack overflow in mod_auth_digest oval:org.secpod.oval:def:73420 The host is installed with Apache HTTP Server 2.4.41 through 2.4.46 and is prone to a stack overflow vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted Digest nonce. Successful exploitation could allow attackers to cause a stack overflow in mod_au ... oval:org.secpod.oval:def:2500729 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:89045082 This update for apache2 fixes the following issues: - fixed CVE-2021-30641 [bsc#1187174]: MergeSlashes regression - fixed CVE-2021-31618 [bsc#1186924]: NULL pointer dereference on specially crafted HTTP/2 request - fixed CVE-2020-35452 [bsc#1186922]: Single zero byte stack overflow in mod_auth_diges ... oval:org.secpod.oval:def:89970 The remote host is missing a patch 152644-11 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:73705 apache2: Apache HTTP server Several security issues were fixed in Apache HTTP Server. oval:org.secpod.oval:def:4501027 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: Request splitting via HTTP/2 method injection and mod_proxy * httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path * httpd: possible NULL dereference or ... oval:org.secpod.oval:def:1601455 A flaw was found in Apache httpd. The mod_proxy_wstunnel module tunnels non-upgraded connections. A flaw was found in HTTPd. In some Apache HTTP Server versions, unprivileged local users can stop HTTPd on Windows. The highest threat from this vulnerability is to system availability. A flaw was found ... oval:org.secpod.oval:def:1505672 mod_http2 [1.15.7-5] - Resolves: #2035030 - CVE-2021-44224 httpd:2.4/httpd: possible NULL dereference or SSRF in forward proxy configurations [1.15.7-4] - Resolves: #1966728 - CVE-2021-33193 httpd:2.4/mod_http2: httpd: Request splitting via HTTP/2 method injection and mod_proxy mod_md oval:org.secpod.oval:def:506932 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: Request splitting via HTTP/2 method injection and mod_proxy * httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path * httpd: possible NULL dereference or ... oval:org.secpod.oval:def:1700659 A flaw was found in Apache httpd. The mod_proxy_wstunnel module tunnels non-upgraded connections. A flaw was found in HTTPd. In some Apache HTTP Server versions, unprivileged local users can stop HTTPd on Windows. The highest threat from this vulnerability is to system availability. A flaw was found ... oval:org.secpod.oval:def:120754 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:89047147 This update for apache2 fixes the following issues: - fixed CVE-2021-30641 [bsc#1187174]: MergeSlashes regression - fixed CVE-2021-31618 [bsc#1186924]: NULL pointer dereference on specially crafted HTTP/2 request - fixed CVE-2020-13950 [bsc#1187040]: mod_proxy NULL pointer dereference - fixed CVE-20 ... oval:org.secpod.oval:def:89966 The remote host is missing a patch 152643-11 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:73698 apache2: Apache HTTP server Several security issues were fixed in Apache HTTP Server. oval:org.secpod.oval:def:706053 apache2: Apache HTTP server Several security issues were fixed in Apache HTTP Server. oval:org.secpod.oval:def:74225 Several vulnerabilities have been found in the Apache HTTP server, which could result in denial of service. In addition the implementation of the MergeSlashes option could result in unexpected behaviour. oval:org.secpod.oval:def:73460 apache2: Apache HTTP server Several security issues were fixed in Apache HTTP Server. oval:org.secpod.oval:def:605575 Several vulnerabilities have been found in the Apache HTTP server, which could result in denial of service. In addition the implementation of the MergeSlashes option could result in unexpected behaviour. oval:org.secpod.oval:def:89045078 This update for apache2 fixes the following issues: - CVE-2021-30641: Fixed MergeSlashes regression - CVE-2021-31618: Fixed NULL pointer dereference on specially crafted HTTP/2 request - CVE-2020-35452: Fixed Single zero byte stack overflow in mod_auth_digest - CVE-2021-26690: Fixed mod_session N ... oval:org.secpod.oval:def:97571 [CLSA-2021:1633601543] Fixed CVE-2020-35452 in httpd |
