Synopsis
Moderate: httpd security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for httpd is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base s ...
Synopsis
Moderate: httpd security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base s ...
Synopsis
Moderate: httpd24-httpd security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
Updated httpd24 packages are now available as a part of Red Hat Software Collections 24 for Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 6
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Core Services on RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 7
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Core Services on RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A ...
Apache HTTP Request Parsing Whitespace Defects: It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote att ...
Several vulnerabilities were discovered in the Apache2 HTTP server.
CVE-2016-0736
RedTeam Pentesting GmbH discovered that mod_session_crypto was
vulnerable to padding oracle attacks, which could allow an attacker
to guess the session cookie.
CVE-2016-2161
Maksim Malyutin discovered that malicious input to mod_auth_digest
could cause the ...
Several security issues were fixed in Apache HTTP Server ...
The following security-related issues were fixed:
Padding oracle vulnerability in Apache mod_session_crypto (CVE-2016-0736)
DoS vulnerability in mod_auth_digest (CVE-2016-2161)
Apache HTTP request parsing whitespace defects (CVE-2016-8743) ...
Debian Bug report logs -
#847124
apache2: CVE-2016-8740: Server memory can be exhausted and service denied when HTTP/2 is used
Package:
src:apache2;
Maintainer for src:apache2 is Debian Apache Maintainers <debian-apache@lists.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 5 Dec 2016 20:1 ...
ap_find_token() buffer overread: A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause an httpd child process to crash via a specially crafted HTTP request (CVE-2017-7668).
Apache HTTP Request Parsing Whitespace Defects: It was discovered that the HTTP parser in httpd incorrectly allow ...
This bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Controller. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7 and the IBM® Runtime Environment Java™ Technology Edition, Version 8 that are used by IBM Cognos Controller 1020, 1021, 1030, 1031 and 104 ...
Oracle Solaris Third Party Bulletin - January 2017
Description
The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical Patch Up ...
Oracle Linux Bulletin - July 2017
Description
The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are released ...
SecurityCenter has recently been discovered to contain several vulnerabilities. Four issues in the SC code were discovered during internal testing by Barry Clark, and several third-party libraries were upgraded as part of our internal security process. Note that the library vulnerabilities were not fully diagnosed so SecurityCenter is possibly impa ...
Oracle Critical Patch Update Advisory - April 2017
Description
A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus ...
Oracle Linux Bulletin - April 2017
Description
The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are release ...