Download
| Alert*
|
oval:org.secpod.oval:def:120382
The mod_h2 Apache httpd module implements the HTTP2 protocol on top of libnghttp2 for httpd 2.4 servers. oval:org.secpod.oval:def:120384 The mod_h2 Apache httpd module implements the HTTP2 protocol on top of libnghttp2 for httpd 2.4 servers. oval:org.secpod.oval:def:73423 The host is installed with Apache HTTP Server 2.4.6 through 2.4.46 and is prone to a NULL pointer dereference vulnerability. A flaw is present in the application, which fails to properly handle an issue in the HTTP/2 protocol handler. Successful exploitation could allow attackers to cause denial of ... oval:org.secpod.oval:def:2106818 Oracle Solaris 11 - ( CVE-2021-31618 ) oval:org.secpod.oval:def:1700657 A null pointer de-reference was found in the way httpd handled specially crafted HTTP/2 request. A remote attacker could use this flaw to crash the httpd child process, causing temporary denial of service oval:org.secpod.oval:def:1700662 A null pointer de-reference was found in the way httpd handled specially crafted HTTP/2 request. A remote attacker could use this flaw to crash the httpd child process, causing temporary denial of service oval:org.secpod.oval:def:89045082 This update for apache2 fixes the following issues: - fixed CVE-2021-30641 [bsc#1187174]: MergeSlashes regression - fixed CVE-2021-31618 [bsc#1186924]: NULL pointer dereference on specially crafted HTTP/2 request - fixed CVE-2020-35452 [bsc#1186922]: Single zero byte stack overflow in mod_auth_diges ... oval:org.secpod.oval:def:89970 The remote host is missing a patch 152644-11 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:89047147 This update for apache2 fixes the following issues: - fixed CVE-2021-30641 [bsc#1187174]: MergeSlashes regression - fixed CVE-2021-31618 [bsc#1186924]: NULL pointer dereference on specially crafted HTTP/2 request - fixed CVE-2020-13950 [bsc#1187040]: mod_proxy NULL pointer dereference - fixed CVE-20 ... oval:org.secpod.oval:def:89966 The remote host is missing a patch 152643-11 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:74225 Several vulnerabilities have been found in the Apache HTTP server, which could result in denial of service. In addition the implementation of the MergeSlashes option could result in unexpected behaviour. oval:org.secpod.oval:def:605575 Several vulnerabilities have been found in the Apache HTTP server, which could result in denial of service. In addition the implementation of the MergeSlashes option could result in unexpected behaviour. oval:org.secpod.oval:def:89045078 This update for apache2 fixes the following issues: - CVE-2021-30641: Fixed MergeSlashes regression - CVE-2021-31618: Fixed NULL pointer dereference on specially crafted HTTP/2 request - CVE-2020-35452: Fixed Single zero byte stack overflow in mod_auth_digest - CVE-2021-26690: Fixed mod_session N ... |
