Download
| Alert*
oval:org.secpod.oval:def:6410
Apache HTTP Server 2.4.x 64-bit is installed on the system oval:org.secpod.oval:def:42677 The host is installed with Apache HTTP Server 2.4.17 through 2.4.23 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle exceptional conditions. Successful exploitation could allow remote attackers to cause a denial of service. oval:org.secpod.oval:def:42678 The host is installed with Apache HTTP Server 2.4.17 or 2.4.18 and is prone to a remote denial of service vulnerability. A flaw is present in the application, which fails to handle exceptional conditions. Successful exploitation could allow remote attackers to cause a denial of service. oval:org.secpod.oval:def:54103 The host is installed with Apache HTTP Server 2.4.25 and is prone to a NULL pointer dereference vulnerability. A flaw is present in the application, which fails to properly handle a maliciously constructed HTTP/2 request. Successful exploitation could allow attackers to dereference a NULL pointer an ... oval:org.secpod.oval:def:83787 The host is installed with Apache Http server 2.4.33 or 2.4.18 through 2.4.30 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle specially crafting http/2 requests. Successful exploitation could allow remote attackers to denial of service. oval:org.secpod.oval:def:83788 The host is installed with Apache Http Server 2.4.33 and is prone to a null pointer vulnerability. A flaw is present in the application, which fails to handle crafting http requests. Successful exploitation could lead to denial of service. oval:org.secpod.oval:def:42679 The host is installed with Apache HTTP Server 2.4.18 through 2.4.20 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle a SSL client certificate validation. Successful exploitation could allow remote attackers to access resources protected by ... oval:org.secpod.oval:def:26137 The host is installed with Apache HTTP Server 2.4.x before 2.4.14 and is prone to a security bypass vulnerability. A flaw is present in the ap_some_auth_required function in server/request.c, which does not consider that a Require directive may be associated with an authorization setting rather than ... oval:org.secpod.oval:def:41594 The host is installed with Apache HTTP Server 2.4.x through 2.4.23 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle malicious input to mod_auth_digest. Successful exploitation could allow remote attackers to perform request smuggling, res ... oval:org.secpod.oval:def:41595 The host is installed with Apache HTTP Server 2.4.x through 2.4.23 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle mod_session_crypto. Successful exploitation could allow remote attackers to padding oracle attacks, particularly with CBC. oval:org.secpod.oval:def:41593 The host is installed with Apache HTTP Server 2.2.x through 2.2.32 or 2.4.x before 2.4.25 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle whitespace accepted from requests. Successful exploitation could allow remote attackers to perform reque ... oval:org.secpod.oval:def:63827 The host is installed with Apache HTTP Server 2.4.0 through 2.4.41 and is prone to an open redirect vulnerability. A flaw is present in the application, which fails to properly handle malformed links in the mod_rewrite configurations. Successful exploitation could allow attackers to cause redirectio ... oval:org.secpod.oval:def:63828 The host is installed with Apache HTTP Server 2.4.0 through 2.4.41 and is prone to an uninitialized resource usage vulnerability. A flaw is present in the application, which fails to properly handle an issue in mod_proxy_ftp. Successful exploitation could allow attackers to cause the usage of uninit ... oval:org.secpod.oval:def:41600 The host is installed with Apache HTTP Server 2.2.x before 2.2.34 and 2.4.x before 2.4.27 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle mod_mime. Successful exploitation could allow remote attackers to leak confidential informati ... oval:org.secpod.oval:def:41601 The host is installed with Apache HTTP Server 2.4.26 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle HTTP/2 handling code. Successful exploitation could allow remote attackers to access memory after it has been freed, resulting in po ... oval:org.secpod.oval:def:26234 The host is installed with Apache Subversion before 1.7.21, 1.8.x before 1.8.14 or Apache HTTP Server 2.4.x through 2.4.12 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to properly restrict anonymous access. Successful exploitation could a ... oval:org.secpod.oval:def:75218 The host is installed with Apache HTTP Server 2.4.49 and is prone to a NULL pointer dereference vulnerability. A flaw is present in the application, which fails to properly handle null pointers in HTTP/2 request process. Successful exploitation allows an external source to DoS the server. oval:org.secpod.oval:def:6973 The host is installed with Apache HTTP Server 2.4.x before 2.4.3 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly close back-end connections. Successful exploitation could allow attackers to obtain information intended for a diffe ... oval:org.secpod.oval:def:6411 The host is installed with Apache 2.4.x before 2.4.2 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle a zero-length directory name in the LD_LIBRARY_PATH. Successful exploitation could allow remote attackers to search the current directory ... oval:org.secpod.oval:def:9407 The host is installed with Apache HTTP Server 2.2.x before 2.2.24-dev or 2.4.x before 2.4.4 and is prone to multiple cross-site scripting (XSS) vulnerabilities. The flaws are present in the application, which fails to properly handle a crafted string. Successful exploitation allows remote attackers ... oval:org.secpod.oval:def:6974 The host is installed with Apache HTTP Server 2.4.x before 2.4.3 and is prone to a multiple cross site scripting vulnerabilities. The flaws are present in the application, which fails to properly handle a crafted filename during construction of a variant list. Successful exploitation could allow att ... oval:org.secpod.oval:def:9408 The host is installed with Apache HTTP Server 2.2.x before 2.2.24-dev or 2.4.x before 2.4.4 and is prone to multiple cross-site scripting (XSS) vulnerabilities. The flaws are present in the application, which fails to handle vectors involving hostnames and URIs in the mod_imagemap, mod_info, mod_lda ... oval:org.secpod.oval:def:34691 The host is installed with Apache HTTP Server before 2.4.5 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails by proceeding with save operations for a session without considering the dirty flag. Successful exploitation could allow remote attackers to an u ... oval:org.secpod.oval:def:34699 The host is installed with Apache HTTP Server 2.2.x through 2.2.27 or 2.4.x before 2.4.10 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a request to a CGI script that does not read from its stdin file descriptor. Successful exploitatio ... oval:org.secpod.oval:def:34698 The host is installed with Apache HTTP Server 2.2.x through 2.2.27 or 2.4.x before 2.4.10 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted request that triggers improper scoreboard handling within the status_handler function in ... oval:org.secpod.oval:def:34695 The host is installed with Apache HTTP Server 2.2.x through 2.2.26 or 2.4.x before 2.4.8 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a crafted cookie during truncation. Successful exploitation could allow remote attackers to ... oval:org.secpod.oval:def:34696 The host is installed with Apache HTTP Server 2.4.x from 2.4.6 through 2.4.9 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails when a reverse proxy is enabled. Successful exploitation could allow remote attackers to cause a denial of service (child- ... oval:org.secpod.oval:def:34694 The host is installed with Apache HTTP Server 2.2.x through 2.2.26 or 2.4.x before 2.4.8 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly remove whitespace characters from CDATA sections. Successful exploitation could allow remote attac ... oval:org.secpod.oval:def:34692 The host is installed with Apache HTTP Server 2.4.6 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle enablement of caching forward proxy. Successful exploitation could allow remote HTTP servers to cause denial of service (NULL pointer der ... oval:org.secpod.oval:def:34700 The host is installed with Apache HTTP Server 2.4.x before 2.4.10 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails when the default AcceptFilter is enabled. Successful exploitation could allow remote attackers to cause a denial of service (memory c ... oval:org.secpod.oval:def:34701 The host is installed with Apache HTTP Server 2.4.10 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle long response headers. Successful exploitation could allow remote FastCGI servers to cause a denial of service (buffer over-read and dae ... oval:org.secpod.oval:def:34702 The host is installed with Apache HTTP Server 2.4.12 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly initialize the protocol structure member. Successful exploitation could allow remote attackers to cause a denial of service (NULL poin ... oval:org.secpod.oval:def:23965 The host is installed with Apache HTTP Server through 2.4.12 and is prone to a denial of service vulnerability. A flaw is present in lua_websocket_read function in lua_request.c in mod_lua module, which fails to handle crafted WebSocket Ping frame after a Lua script has called the wsupgrade function ... oval:org.secpod.oval:def:34693 The host is installed with Apache HTTP Server 2.2.x through 2.2.27 or 2.4.x through 2.4.10 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle a crafted data. Successful exploitation could allow remote attackers to bypass "RequestHead ... oval:org.secpod.oval:def:47260 The host is installed with Apache HTTP Server 2.2.x before 2.2.32 or 2.4.x before 2.4.24 and is prone to a CRLF Injection vulnerability. A flaw is present in the application, which fails to handle the Location or other outbound header key or value. Successful exploitation could allow remote attacker ... oval:org.secpod.oval:def:26138 The host is installed with Apache HTTP Server 2.2.x or 2.4.x before 2.4.14 and is prone to HTTP request smuggling attack vulnerabilities. The flaws are present in the chunked transfer coding implementation, which does not properly parse chunk headers. Successful exploitation will allow remote attack ... oval:org.secpod.oval:def:54097 The host is installed with Apache HTTP Server 2.4.x through 2.4.38 and is prone to a remote security vulnerability. A flaw is present in the application, which fails to properly handle the servers processing when the path component of a request URL contains multiple consecutive slashes ('/'). Succes ... oval:org.secpod.oval:def:55065 The host is installed with Apache HTTP Server 2.4.17 through 2.4.37 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle the HTTP/2 (mod_http2) connections. Successful exploitation could allow attackers to cause a denial of service f ... oval:org.secpod.oval:def:54098 The host is installed with Apache HTTP Server 2.4.18 through 2.4.38 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle the http/2 request. Successful exploitation could allow attackers to bypass certain security restrictions and to p ... oval:org.secpod.oval:def:55066 The host is installed with Apache HTTP Server version 2.4.37 with OpenSSL version 1.1.1 or later and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle the client negotiations by mod_ssl. Successful exploitation could allow attackers t ... oval:org.secpod.oval:def:55064 The host is installed with Apache HTTP Server 2.4.x through 2.4.37 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle the mod_session expiry time check issue. Successful exploitation could allow attackers to ignore session expiry tim ... oval:org.secpod.oval:def:54099 The host is installed with Apache HTTP Server 2.4.34 through 2.4.38 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle an upgrade request from http/1.1 to http/2. Successful exploitation could allow attackers to cause misconfigurat ... oval:org.secpod.oval:def:54101 The host is installed with Apache HTTP Server 2.4.x through 2.4.38 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle a race condition in mod_auth_digest when running in a threaded server. Successful exploitation could allow attacker ... oval:org.secpod.oval:def:54102 The host is installed with Apache HTTP Server 2.4.17 through 2.4.38 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle the less-privileged child processes or threads. Successful exploitation could allow attackers to execute arbi ... oval:org.secpod.oval:def:54100 The host is installed with Apache HTTP Server 2.4.37 through 2.4.38 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle a per-location client certificate verification with TLSv1.3. Successful exploitation could allow attackers to bypa ... oval:org.secpod.oval:def:82626 The host is installed with Apache HTTP Server 2.4.0 through 2.4.53 and is prone to an inconsistent interpretation of HTTP requests vulnerability. A flaw is present in the application, which fails to properly handle issues in mod_proxy_ajp. Successful exploitation could allow attackers to smuggle req ... oval:org.secpod.oval:def:82625 The host is installed with Apache HTTP Server 2.4.0 through 2.4.52 and is prone to an out-of-bounds write of data authenticity vulnerability. A flaw is present in the application, which fails to properly handle issues in mod_sed. Successful exploitation could allow an attacker to overwrite heap memo ... oval:org.secpod.oval:def:83792 The host is installed with Apache Http Server before 2.5.2 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle integer overflow. Successful exploitation could allow remote attacker to overflow a buffer and execute arbitrary code on the system ... oval:org.secpod.oval:def:83790 The host is installed with Apache Http Server before 2.4.52 and is prone to a http request smuggling vulnerability. A flaw is present in the application, which fails to handle issues in closing inbound connection. Successful exploitation could allow remote attackers to gain access to sensitive data. oval:org.secpod.oval:def:83791 The host is installed with Apache Http Server 2.4.0 through 2.4.52 and is prone to an out-of-bounds write vulnerability. A flaw is present in the application, which fails to handle issues in mod_sed. Successful exploitation could allow remote attackers to overwrite heap memory. oval:org.secpod.oval:def:83789 The host is installed with Apache Http Server 2.4.52 before and is prone to an improper initialization vulnerability. A flaw is present in the application, which fails to handle carefully crafted request body. Successful exploitation could allow remote attackers to read to a random memory area which ... oval:org.secpod.oval:def:83785 The host is installed with Apache http server version before 2.4.29 and is prone to an out of bound read vulnerability. A flaw is present in the application, which fails to handle issues in mod_cache_socache. Successful exploitation could allow remote attackers to denial of service. oval:org.secpod.oval:def:83786 The host is installed with Apache Http Server 2.2.0 through 2.2.34 or 2.4.0 through 2.4.29 and is prone to an improper authentication vulnerability. A flaw is present in the application, which fails to handle issues in mod_auth_digest. Successful exploitation could allow remote attackers to replay H ... oval:org.secpod.oval:def:83782 The host is installed with Apache http server versions 2.4.0 to 2.4.29 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle issues in mod_session data for CGI applications. Successful exploitation could allow a remote user may influenc ... oval:org.secpod.oval:def:83783 The host is installed with Apache http server versions before 2.4.29 and is prone to an out of bound access vulnerability. A flaw is present in the application, which fails to handle issues in reading the HTTP request. Successful exploitation could lead to unspecified impact. oval:org.secpod.oval:def:83784 The host is installed with Apache Http Server before 2.4.29 and is prone to a use after free vulnerability. A flaw is present in the application, which fails to handle HTTP/2 stream shutdown. Successful exploitation could allow remote attackers to cause denial of service. oval:org.secpod.oval:def:83780 The host is installed with Apache HTTP Server 2.4.0 through 2.4.29 and is prone to an improper input validation vulnerability. A flaw is present in the application, which fails to handle issues in matching the trailing portion of the filename. Successful exploitation could allow a remote attacker to ... oval:org.secpod.oval:def:83779 The host is installed with Apache Http Server 2.4.0 to 2.4.29 and is prone to an out of bound write vulnerability. A flaw is present in the application, which fails to handle issues in mod_authnz_ldap. Successful exploitation could allow remote attackers to denial of service. oval:org.secpod.oval:def:47772 The host is installed with Apache HTTP Server 2.4.17 through 2.4.34 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle maximum-size SETTINGS frames for an ongoing HTTP/2 connection. Successful exploitation could allow remote attackers to de ... oval:org.secpod.oval:def:75217 The host is installed with Apache HTTP Server 2.4.49 and is prone to a path traversal vulnerability. A flaw is present in the application, which fails to properly handle a issue in path normalization. Successful exploitation could allow attackers to use a path traversal attack to map URLs to files o ... oval:org.secpod.oval:def:41598 The host is installed with Apache HTTP Server 2.2.32 and 2.4.24 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle ap_find_token(). Successful exploitation could allow remote attackers to cause a segmentation fault, or to force ap_find_token() t ... oval:org.secpod.oval:def:41599 The host is installed with Apache HTTP Server 2.2.x before 2.2.33 or 2.4.x before 2.4.26 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle mod_mime. Successful exploitation could allow remote attackers to read one byte past the end of a buff ... oval:org.secpod.oval:def:41596 The host is installed with Apache HTTP Server 2.2.x through 2.2.33 or 2.4.x before 2.4.26 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase. Success ... oval:org.secpod.oval:def:41597 The host is installed with Apache HTTP Server 2.2.x before 2.2.33 or 2.4.x before 2.4.26 and is prone to a null pointer dereference vulnerability. A flaw is present in the application, which fails to properly handle third-party modules. Successful exploitation could allow remote attackers to derefer ... oval:org.secpod.oval:def:83781 The host is installed with Apache http server through 2.2.34 and 2.4.x through 2.4.27 and is prone to a use after free vulnerability. A flaw is present in the application, which fails to handle issues in unrecognized method in .htaccess ("OptionsBleed"). Successful exploitation could allow remote at ... oval:org.secpod.oval:def:34697 The host is installed with Apache HTTP Server 2.2.x through 2.2.27 or 2.4.x before 2.4.10 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails when request body decompression is enabled. Successful exploitation could allow remote attackers to cause a d ... oval:org.secpod.oval:def:24274 The host is installed with Microsoft IE 11, Edge, Mozilla Firefox before 44.0 or Google Chrome before 48.0.2564.82 and is prone to a bar mitzvah attack vulnerability. A flaw is present in the RC4 algorithm, which does not properly combine state data with key data during the initialization phase. Suc ... |