Debian Bug report logs - #847124
apache2: CVE-2016-8740: server memory can be exhausted and service denied when HTTP/2 is used
Package: src:apache2;
Maintainer for src:apache2 is Debian Apache Maintainers <debian-apache@lists.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 5 Dec 2016 20:1 ...
Several vulnerabilities were discovered in the Apache2 HTTP server.
CVE-2016-0736
RedTeam Pentesting GmbH discovered that mod_session_crypto was
vulnerable to padding oracle attacks, which could allow an attacker
to guess the session cookie.
CVE-2016-2161
Maksim Malyutin discovered that malicious input to mod_auth_digest
could cause the ...
Several security issues were fixed in Apache HTTP Server ...
Synopsis
Moderate: httpd security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for httpd is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base s ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 7
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Core Services on RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 6
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Core Services on RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A ...
Synopsis
Moderate: httpd security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base s ...
Synopsis
Moderate: httpd24-httpd security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
Updated httpd24 packages are now available as a part of Red Hat Software Collections 2.4 for Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability ...
Apache HTTP Request Parsing Whitespace Defects: It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote att ...
The following security-related issues were fixed:
Padding oracle vulnerability in Apache mod_session_crypto (CVE-2016-0736)
DoS vulnerability in mod_auth_digest (CVE-2016-2161)
Apache HTTP request parsing whitespace defects (CVE-2016-8743) ...
ap_find_token() buffer overread: A buffer over-read flaw was found in httpd's ap_find_token() function. A remote attacker could use this flaw to cause an httpd child process to crash via a specially crafted HTTP request (CVE-2017-7668).
Apache HTTP Request Parsing Whitespace Defects: It was discovered that the HTTP parser in httpd incorrectly allow ...
SecurityCenter has recently been discovered to contain several vulnerabilities. Four issues in the SC code were discovered during internal testing by Barry Clark, and several third-party libraries were upgraded as part of our internal security process. Note that the library vulnerabilities were not fully diagnosed so SecurityCenter is possibly impa ...