Download
| Alert*
oval:org.secpod.oval:def:89045082
This update for apache2 fixes the following issues: - fixed CVE-2021-30641 [bsc#1187174]: MergeSlashes regression - fixed CVE-2021-31618 [bsc#1186924]: NULL pointer dereference on specially crafted HTTP/2 request - fixed CVE-2020-35452 [bsc#1186922]: Single zero byte stack overflow in mod_auth_diges ... oval:org.secpod.oval:def:73705 apache2: Apache HTTP server Several security issues were fixed in Apache HTTP Server. oval:org.secpod.oval:def:4501322 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_session: NULL pointer dereference when parsing Cookie header * httpd: Unexpected URL matching with "MergeSlashes OFF" For more details about the security issue, including ... oval:org.secpod.oval:def:2500250 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:1505515 [2.4.6-97.0.5.5] - mod_session: save one apr_strtok [Orabug: 33338149][CVE-2021-26690] - replace index.html with Oracle"s index page oracle_index.html [2.4.6-97.5] - Resolves: #2065243 - CVE-2022-22720 httpd: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier oval:org.secpod.oval:def:89047147 This update for apache2 fixes the following issues: - fixed CVE-2021-30641 [bsc#1187174]: MergeSlashes regression - fixed CVE-2021-31618 [bsc#1186924]: NULL pointer dereference on specially crafted HTTP/2 request - fixed CVE-2020-13950 [bsc#1187040]: mod_proxy NULL pointer dereference - fixed CVE-20 ... oval:org.secpod.oval:def:73698 apache2: Apache HTTP server Several security issues were fixed in Apache HTTP Server. oval:org.secpod.oval:def:706053 apache2: Apache HTTP server Several security issues were fixed in Apache HTTP Server. oval:org.secpod.oval:def:506489 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_session: NULL pointer dereference when parsing Cookie header * httpd: Unexpected URL matching with "MergeSlashes OFF" For more details about the security issue, including ... oval:org.secpod.oval:def:1505183 [2.4.6-97.0.3.1] - mod_session: save one apr_strtok [Orabug: 33338149][CVE-2021-26690] oval:org.secpod.oval:def:74225 Several vulnerabilities have been found in the Apache HTTP server, which could result in denial of service. In addition the implementation of the MergeSlashes option could result in unexpected behaviour. oval:org.secpod.oval:def:1505187 httpd [2.4.37-39.0.2.1] - mod_session: save one apr_strtok [Orabug: 33338149][CVE-2021-26690] oval:org.secpod.oval:def:73460 apache2: Apache HTTP server Several security issues were fixed in Apache HTTP Server. oval:org.secpod.oval:def:1505203 httpd [2.4.37-41.0.1] - Add checks on the configured UDS path [Orabug: 33412270][CVE-2021-40438] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracles index page oracle_index.html [2.4.37-41] - Resolves: #1680111 - httpd sends reply to HTTPS GET using two TLS ... oval:org.secpod.oval:def:605575 Several vulnerabilities have been found in the Apache HTTP server, which could result in denial of service. In addition the implementation of the MergeSlashes option could result in unexpected behaviour. oval:org.secpod.oval:def:89045078 This update for apache2 fixes the following issues: - CVE-2021-30641: Fixed MergeSlashes regression - CVE-2021-31618: Fixed NULL pointer dereference on specially crafted HTTP/2 request - CVE-2020-35452: Fixed Single zero byte stack overflow in mod_auth_digest - CVE-2021-26690: Fixed mod_session N ... oval:org.secpod.oval:def:73416 The host is installed with Apache HTTP Server 2.4.0 through 2.4.46 and is prone to a NULL pointer dereference vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted Cookie header. Successful exploitation could allow attackers to cause a NULL pointer d ... oval:org.secpod.oval:def:1506499 [2.4.6-98.0.3] - mod_proxy: ap_proxy_http_request to clear hop-by-hop first and fixup last [CVE-2022-31813][Orabug: 34381850] - mod_session: save one apr_strtok [Orabug: 33338149][CVE-2021-26690] [2.4.6-98.0.1] - replace index.html with Oracle"s index page oracle_index.html [2.4.6-97.7] - Resolves: ... oval:org.secpod.oval:def:89970 The remote host is missing a patch 152644-11 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:1601455 A flaw was found in Apache httpd. The mod_proxy_wstunnel module tunnels non-upgraded connections. A flaw was found in HTTPd. In some Apache HTTP Server versions, unprivileged local users can stop HTTPd on Windows. The highest threat from this vulnerability is to system availability. A flaw was found ... oval:org.secpod.oval:def:1700659 A flaw was found in Apache httpd. The mod_proxy_wstunnel module tunnels non-upgraded connections. A flaw was found in HTTPd. In some Apache HTTP Server versions, unprivileged local users can stop HTTPd on Windows. The highest threat from this vulnerability is to system availability. A flaw was found ... oval:org.secpod.oval:def:120754 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:89966 The remote host is missing a patch 152643-11 containing a security fix. For more information please visit the reference link. |