Download
| Alert*
oval:org.secpod.oval:def:54103
The host is installed with Apache HTTP Server 2.4.25 and is prone to a NULL pointer dereference vulnerability. A flaw is present in the application, which fails to properly handle a maliciously constructed HTTP/2 request. Successful exploitation could allow attackers to dereference a NULL pointer an ... oval:org.secpod.oval:def:42677 The host is installed with Apache HTTP Server 2.4.17 through 2.4.23 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle exceptional conditions. Successful exploitation could allow remote attackers to cause a denial of service. oval:org.secpod.oval:def:42678 The host is installed with Apache HTTP Server 2.4.17 or 2.4.18 and is prone to a remote denial of service vulnerability. A flaw is present in the application, which fails to handle exceptional conditions. Successful exploitation could allow remote attackers to cause a denial of service. oval:org.secpod.oval:def:83787 The host is installed with Apache Http server 2.4.33 or 2.4.18 through 2.4.30 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle specially crafting http/2 requests. Successful exploitation could allow remote attackers to denial of service. oval:org.secpod.oval:def:83788 The host is installed with Apache Http Server 2.4.33 and is prone to a null pointer vulnerability. A flaw is present in the application, which fails to handle crafting http requests. Successful exploitation could lead to denial of service. oval:org.secpod.oval:def:42679 The host is installed with Apache HTTP Server 2.4.18 through 2.4.20 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle a SSL client certificate validation. Successful exploitation could allow remote attackers to access resources protected by ... oval:org.secpod.oval:def:63827 The host is installed with Apache HTTP Server 2.4.0 through 2.4.41 and is prone to an open redirect vulnerability. A flaw is present in the application, which fails to properly handle malformed links in the mod_rewrite configurations. Successful exploitation could allow attackers to cause redirectio ... oval:org.secpod.oval:def:63828 The host is installed with Apache HTTP Server 2.4.0 through 2.4.41 and is prone to an uninitialized resource usage vulnerability. A flaw is present in the application, which fails to properly handle an issue in mod_proxy_ftp. Successful exploitation could allow attackers to cause the usage of uninit ... oval:org.secpod.oval:def:39104 Apache HTTP Server 2.4.x 32-bit is installed on the system oval:org.secpod.oval:def:41600 The host is installed with Apache HTTP Server 2.2.x before 2.2.34 and 2.4.x before 2.4.27 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle mod_mime. Successful exploitation could allow remote attackers to leak confidential informati ... oval:org.secpod.oval:def:41601 The host is installed with Apache HTTP Server 2.4.26 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle HTTP/2 handling code. Successful exploitation could allow remote attackers to access memory after it has been freed, resulting in po ... oval:org.secpod.oval:def:41594 The host is installed with Apache HTTP Server 2.4.x through 2.4.23 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle malicious input to mod_auth_digest. Successful exploitation could allow remote attackers to perform request smuggling, res ... oval:org.secpod.oval:def:41595 The host is installed with Apache HTTP Server 2.4.x through 2.4.23 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle mod_session_crypto. Successful exploitation could allow remote attackers to padding oracle attacks, particularly with CBC. oval:org.secpod.oval:def:41593 The host is installed with Apache HTTP Server 2.2.x through 2.2.32 or 2.4.x before 2.4.25 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle whitespace accepted from requests. Successful exploitation could allow remote attackers to perform reque ... oval:org.secpod.oval:def:75218 The host is installed with Apache HTTP Server 2.4.49 and is prone to a NULL pointer dereference vulnerability. A flaw is present in the application, which fails to properly handle null pointers in HTTP/2 request process. Successful exploitation allows an external source to DoS the server. oval:org.secpod.oval:def:47260 The host is installed with Apache HTTP Server 2.2.x before 2.2.32 or 2.4.x before 2.4.24 and is prone to a CRLF Injection vulnerability. A flaw is present in the application, which fails to handle the Location or other outbound header key or value. Successful exploitation could allow remote attacker ... oval:org.secpod.oval:def:83790 The host is installed with Apache Http Server before 2.4.52 and is prone to a http request smuggling vulnerability. A flaw is present in the application, which fails to handle issues in closing inbound connection. Successful exploitation could allow remote attackers to gain access to sensitive data. oval:org.secpod.oval:def:83791 The host is installed with Apache Http Server 2.4.0 through 2.4.52 and is prone to an out-of-bounds write vulnerability. A flaw is present in the application, which fails to handle issues in mod_sed. Successful exploitation could allow remote attackers to overwrite heap memory. oval:org.secpod.oval:def:54097 The host is installed with Apache HTTP Server 2.4.x through 2.4.38 and is prone to a remote security vulnerability. A flaw is present in the application, which fails to properly handle the servers processing when the path component of a request URL contains multiple consecutive slashes ('/'). Succes ... oval:org.secpod.oval:def:55065 The host is installed with Apache HTTP Server 2.4.17 through 2.4.37 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle the HTTP/2 (mod_http2) connections. Successful exploitation could allow attackers to cause a denial of service f ... oval:org.secpod.oval:def:54098 The host is installed with Apache HTTP Server 2.4.18 through 2.4.38 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle the http/2 request. Successful exploitation could allow attackers to bypass certain security restrictions and to p ... oval:org.secpod.oval:def:55066 The host is installed with Apache HTTP Server version 2.4.37 with OpenSSL version 1.1.1 or later and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle the client negotiations by mod_ssl. Successful exploitation could allow attackers t ... oval:org.secpod.oval:def:55064 The host is installed with Apache HTTP Server 2.4.x through 2.4.37 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle the mod_session expiry time check issue. Successful exploitation could allow attackers to ignore session expiry tim ... oval:org.secpod.oval:def:54099 The host is installed with Apache HTTP Server 2.4.34 through 2.4.38 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle an upgrade request from http/1.1 to http/2. Successful exploitation could allow attackers to cause misconfigurat ... oval:org.secpod.oval:def:83789 The host is installed with Apache Http Server 2.4.52 before and is prone to an improper initialization vulnerability. A flaw is present in the application, which fails to handle carefully crafted request body. Successful exploitation could allow remote attackers to read to a random memory area which ... oval:org.secpod.oval:def:83785 The host is installed with Apache http server version before 2.4.29 and is prone to an out of bound read vulnerability. A flaw is present in the application, which fails to handle issues in mod_cache_socache. Successful exploitation could allow remote attackers to denial of service. oval:org.secpod.oval:def:83786 The host is installed with Apache Http Server 2.2.0 through 2.2.34 or 2.4.0 through 2.4.29 and is prone to an improper authentication vulnerability. A flaw is present in the application, which fails to handle issues in mod_auth_digest. Successful exploitation could allow remote attackers to replay H ... oval:org.secpod.oval:def:83782 The host is installed with Apache http server versions 2.4.0 to 2.4.29 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle issues in mod_session data for CGI applications. Successful exploitation could allow a remote user may influenc ... oval:org.secpod.oval:def:83783 The host is installed with Apache http server versions before 2.4.29 and is prone to an out of bound access vulnerability. A flaw is present in the application, which fails to handle issues in reading the HTTP request. Successful exploitation could lead to unspecified impact. oval:org.secpod.oval:def:83784 The host is installed with Apache Http Server before 2.4.29 and is prone to a use after free vulnerability. A flaw is present in the application, which fails to handle HTTP/2 stream shutdown. Successful exploitation could allow remote attackers to cause denial of service. oval:org.secpod.oval:def:83780 The host is installed with Apache HTTP Server 2.4.0 through 2.4.29 and is prone to an improper input validation vulnerability. A flaw is present in the application, which fails to handle issues in matching the trailing portion of the filename. Successful exploitation could allow a remote attacker to ... oval:org.secpod.oval:def:54101 The host is installed with Apache HTTP Server 2.4.x through 2.4.38 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle a race condition in mod_auth_digest when running in a threaded server. Successful exploitation could allow attacker ... oval:org.secpod.oval:def:54102 The host is installed with Apache HTTP Server 2.4.17 through 2.4.38 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle the less-privileged child processes or threads. Successful exploitation could allow attackers to execute arbi ... oval:org.secpod.oval:def:54100 The host is installed with Apache HTTP Server 2.4.37 through 2.4.38 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle a per-location client certificate verification with TLSv1.3. Successful exploitation could allow attackers to bypa ... oval:org.secpod.oval:def:82626 The host is installed with Apache HTTP Server 2.4.0 through 2.4.53 and is prone to an inconsistent interpretation of HTTP requests vulnerability. A flaw is present in the application, which fails to properly handle issues in mod_proxy_ajp. Successful exploitation could allow attackers to smuggle req ... oval:org.secpod.oval:def:82625 The host is installed with Apache HTTP Server 2.4.0 through 2.4.52 and is prone to an out-of-bounds write of data authenticity vulnerability. A flaw is present in the application, which fails to properly handle issues in mod_sed. Successful exploitation could allow an attacker to overwrite heap memo ... oval:org.secpod.oval:def:83779 The host is installed with Apache Http Server 2.4.0 to 2.4.29 and is prone to an out of bound write vulnerability. A flaw is present in the application, which fails to handle issues in mod_authnz_ldap. Successful exploitation could allow remote attackers to denial of service. oval:org.secpod.oval:def:83792 The host is installed with Apache Http Server before 2.5.2 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle integer overflow. Successful exploitation could allow remote attacker to overflow a buffer and execute arbitrary code on the system ... oval:org.secpod.oval:def:47772 The host is installed with Apache HTTP Server 2.4.17 through 2.4.34 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle maximum-size SETTINGS frames for an ongoing HTTP/2 connection. Successful exploitation could allow remote attackers to de ... oval:org.secpod.oval:def:75217 The host is installed with Apache HTTP Server 2.4.49 and is prone to a path traversal vulnerability. A flaw is present in the application, which fails to properly handle a issue in path normalization. Successful exploitation could allow attackers to use a path traversal attack to map URLs to files o ... oval:org.secpod.oval:def:41598 The host is installed with Apache HTTP Server 2.2.32 and 2.4.24 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle ap_find_token(). Successful exploitation could allow remote attackers to cause a segmentation fault, or to force ap_find_token() t ... oval:org.secpod.oval:def:41599 The host is installed with Apache HTTP Server 2.2.x before 2.2.33 or 2.4.x before 2.4.26 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle mod_mime. Successful exploitation could allow remote attackers to read one byte past the end of a buff ... oval:org.secpod.oval:def:41596 The host is installed with Apache HTTP Server 2.2.x through 2.2.33 or 2.4.x before 2.4.26 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase. Success ... oval:org.secpod.oval:def:41597 The host is installed with Apache HTTP Server 2.2.x before 2.2.33 or 2.4.x before 2.4.26 and is prone to a null pointer dereference vulnerability. A flaw is present in the application, which fails to properly handle third-party modules. Successful exploitation could allow remote attackers to derefer ... oval:org.secpod.oval:def:83781 The host is installed with Apache http server through 2.2.34 and 2.4.x through 2.4.27 and is prone to a use after free vulnerability. A flaw is present in the application, which fails to handle issues in unrecognized method in .htaccess ("OptionsBleed"). Successful exploitation could allow remote at ... |