Download
| Alert*
oval:org.secpod.oval:def:67016
apache2: Apache HTTP server Several security issues were fixed in Apache HTTP Server. oval:org.secpod.oval:def:66750 Several vulnerabilities have been found in the Apache HTTPD server. CVE-2020-1927 Fabrice Perez reported that certain mod_rewrite configurations are prone to an open redirect. CVE-2020-1934 Chamal De Silva discovered that the mod_proxy_ftp module uses uninitialized memory when proxying to a maliciou ... oval:org.secpod.oval:def:65175 apache2: Apache HTTP server Several security issues were fixed in Apache HTTP Server. oval:org.secpod.oval:def:66576 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: Push diary crash on specifically crafted HTTP/2 header For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related inform ... oval:org.secpod.oval:def:504907 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: Push diary crash on specifically crafted HTTP/2 header For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related inform ... oval:org.secpod.oval:def:67027 apache2: Apache HTTP server Several security issues were fixed in Apache HTTP Server. oval:org.secpod.oval:def:89050369 This update for apache2 fixes the following issues: - CVE-2020-9490: Fixed a crash caused by a specially crafted value for the "Cache-Digest" header in a HTTP/2 request . - CVE-2020-11984: Fixed an information disclosure bug in mod_proxy_uwsgi . - CVE-2020-11993: When trace/debug was enabled for the ... oval:org.secpod.oval:def:1801864 A specially crafted value for the "Cache-Digest" header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Versions Affected: 2.4.20 to 2.4.43mod_proxy_uwsgi info disclosure and possible RCE. Versions Affected: 2.4.32 to 2.4.44When trace/ ... oval:org.secpod.oval:def:1601193 Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the "Cache-Digest" header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. ... oval:org.secpod.oval:def:118620 The mod_h2 Apache httpd module implements the HTTP2 protocol on top of libnghttp2 for httpd 2.4 servers. oval:org.secpod.oval:def:118615 The mod_h2 Apache httpd module implements the HTTP2 protocol on top of libnghttp2 for httpd 2.4 servers. oval:org.secpod.oval:def:73528 The host is installed with Apache HTTP Server 2.4.20 through 2.4.43 and is prone to a denial-of-service vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted value for the Cache-Digest header in a HTTP/2 request. Successful exploitation could allow a ... oval:org.secpod.oval:def:89000111 This update for apache2 fixes the following issues: - Enables the patch for CVE-2020-11993 and CVE-2020-9490. The patch was included but not applied in the previous update oval:org.secpod.oval:def:89000277 This update for apache2 fixes the following issues: - CVE-2020-9490: Fixed a crash caused by a specially crafted value for the "Cache-Digest" header in a HTTP/2 request . - CVE-2020-11984: Fixed an information disclosure bug in mod_proxy_uwsgi . - CVE-2020-11993: When trace/debug was enabled for the ... oval:org.secpod.oval:def:1503039 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:504288 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: Push diary crash on specifically crafted HTTP/2 header For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related inform ... oval:org.secpod.oval:def:1700401 Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the "Cache-Digest" header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for ... oval:org.secpod.oval:def:1700397 Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE A flaw was found in Apache httpd in versions 2.4.32 to 2.4.46. The uwsgi protocol does not serialize more than 16K of HTTP header leading to resource exhaustion and denial of service. The highest threat from this vu ... oval:org.secpod.oval:def:605004 Several vulnerabilities have been found in the Apache HTTPD server. CVE-2020-1927 Fabrice Perez reported that certain mod_rewrite configurations are prone to an open redirect. CVE-2020-1934 Chamal De Silva discovered that the mod_proxy_ftp module uses uninitialized memory when proxying to a maliciou ... oval:org.secpod.oval:def:705580 apache2: Apache HTTP server Several security issues were fixed in Apache HTTP Server. oval:org.secpod.oval:def:89000274 This update for apache2 fixes the following issues: - CVE-2020-9490: Fixed a crash caused by a specially crafted value for the "Cache-Digest" header in a HTTP/2 request . - CVE-2020-11985: IP address spoofing when proxying using mod_remoteip and mod_rewrite . - CVE-2020-11993: When trace/debug was e ... oval:org.secpod.oval:def:90248 The remote host is missing a patch 152643-10 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:90250 The remote host is missing a patch 152644-10 containing a security fix. For more information please visit the reference link. |