Download
| Alert*
oval:org.secpod.oval:def:73417
The host is installed with Apache HTTP Server 2.4.0 through 2.4.46 and is prone to a heap overflow vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted SessionHeader. Successful exploitation could allow attackers to cause a heap overflow. oval:org.secpod.oval:def:75909 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_proxy: SSRF via a crafted request uri-path containing unix: * httpd: mod_session: Heap overflow via a crafted SessionHeader value For more details about the security issu ... oval:org.secpod.oval:def:89045082 This update for apache2 fixes the following issues: - fixed CVE-2021-30641 [bsc#1187174]: MergeSlashes regression - fixed CVE-2021-31618 [bsc#1186924]: NULL pointer dereference on specially crafted HTTP/2 request - fixed CVE-2020-35452 [bsc#1186922]: Single zero byte stack overflow in mod_auth_diges ... oval:org.secpod.oval:def:89970 The remote host is missing a patch 152644-11 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:73705 apache2: Apache HTTP server Several security issues were fixed in Apache HTTP Server. oval:org.secpod.oval:def:506654 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_lua: Possible buffer overflow when parsing multipart content * httpd: mod_session: Heap overflow via a crafted SessionHeader value * httpd: NULL pointer dereference via m ... oval:org.secpod.oval:def:506378 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_proxy: SSRF via a crafted request uri-path containing unix: * httpd: mod_session: Heap overflow via a crafted SessionHeader value For more details about the security issu ... oval:org.secpod.oval:def:4501385 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:" * httpd: mod_session: Heap overflow via a crafted SessionHeader value For more details about the security is ... oval:org.secpod.oval:def:1601455 A flaw was found in Apache httpd. The mod_proxy_wstunnel module tunnels non-upgraded connections. A flaw was found in HTTPd. In some Apache HTTP Server versions, unprivileged local users can stop HTTPd on Windows. The highest threat from this vulnerability is to system availability. A flaw was found ... oval:org.secpod.oval:def:1700659 A flaw was found in Apache httpd. The mod_proxy_wstunnel module tunnels non-upgraded connections. A flaw was found in HTTPd. In some Apache HTTP Server versions, unprivileged local users can stop HTTPd on Windows. The highest threat from this vulnerability is to system availability. A flaw was found ... oval:org.secpod.oval:def:1505434 [2.4.6-97.0.5.4] - mod_session: save one apr_strtok [Orabug: 33338149][CVE-2021-26690] - replace index.html with Oracle"s index page oracle_index.html [2.4.6-97.4] - Resolves: #2031072 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests - Resolves: #2031074 - CVE-2021-39275 httpd ... oval:org.secpod.oval:def:120754 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:89047147 This update for apache2 fixes the following issues: - fixed CVE-2021-30641 [bsc#1187174]: MergeSlashes regression - fixed CVE-2021-31618 [bsc#1186924]: NULL pointer dereference on specially crafted HTTP/2 request - fixed CVE-2020-13950 [bsc#1187040]: mod_proxy NULL pointer dereference - fixed CVE-20 ... oval:org.secpod.oval:def:89966 The remote host is missing a patch 152643-11 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:73698 apache2: Apache HTTP server Several security issues were fixed in Apache HTTP Server. oval:org.secpod.oval:def:706053 apache2: Apache HTTP server Several security issues were fixed in Apache HTTP Server. oval:org.secpod.oval:def:74225 Several vulnerabilities have been found in the Apache HTTP server, which could result in denial of service. In addition the implementation of the MergeSlashes option could result in unexpected behaviour. oval:org.secpod.oval:def:506565 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: Regression of CVE-2021-40438 and CVE-2021-26691 fixes in Red Hat Enterprise Linux 8.5 For more details about the security issue, including the impact, a CVSS score, acknowledg ... oval:org.secpod.oval:def:1505143 httpd [2.4.37-39.1.0.1.1] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracle"s index page oracle_index.html [2.4.37-39.1] - Resolves: #2007234 - CVE-2021-40438 httpd:2.4/httpd: mod_proxy: SSRF via a crafted request uri-path - Resolves: #2007646 - CVE-2021-26 ... oval:org.secpod.oval:def:2500482 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:205932 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_lua: Possible buffer overflow when parsing multipart content * httpd: mod_session: Heap overflow via a crafted SessionHeader value * httpd: NULL pointer dereference via m ... oval:org.secpod.oval:def:73460 apache2: Apache HTTP server Several security issues were fixed in Apache HTTP Server. oval:org.secpod.oval:def:605575 Several vulnerabilities have been found in the Apache HTTP server, which could result in denial of service. In addition the implementation of the MergeSlashes option could result in unexpected behaviour. oval:org.secpod.oval:def:89045078 This update for apache2 fixes the following issues: - CVE-2021-30641: Fixed MergeSlashes regression - CVE-2021-31618: Fixed NULL pointer dereference on specially crafted HTTP/2 request - CVE-2020-35452: Fixed Single zero byte stack overflow in mod_auth_digest - CVE-2021-26690: Fixed mod_session N ... |