Several vulnerabilities have been found in the Apache HTTPD server
CVE-2017-3167
Emmanuel Dreyfus reported that the use of ap_get_basic_auth_pw() by
third-party modules outside of the authentication phase may lead to
authentication requirements being bypassed
CVE-2017-3169
Vasileios Panopoulos of AdNovum Informatik AG discovered ...
Several security issues were fixed in Apache HTTP Server ...
Several security issues were fixed in Apache HTTP Server ...
Synopsis
Important: httpd security update
Type/Severity
Security Advisory: Important
Topic
An update for httpd is now available for Red Hat Enterprise Linux 72 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sys ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2423 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for JBoss Core Services on RHEL 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabi ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2423 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Core ServicesRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabili ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2423 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for JBoss Core Services on RHEL 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabi ...
Synopsis
Important: httpd security update
Type/Severity
Security Advisory: Important
Topic
An update for httpd is now available for Red Hat Enterprise Linux 73 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sys ...
Synopsis
Important: httpd security update
Type/Severity
Security Advisory: Important
Topic
An update for httpd is now available for Red Hat Enterprise Linux 67 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sys ...
A buffer over-read flaw was found in the httpd's mod_mime module A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash ...
ap_find_token() buffer overread:A buffer over-read flaw was found in the httpd's ap_find_token() function A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request (CVE-2017-7668 )
Apache HTTP Request Parsing Whitespace Defects:It was discovered that the HTTP parser in httpd incorrectly allow ...
A NULL pointer dereference flaw was found in the httpd's mod_ssl module A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request (CVE-2017-3169)
It was discovered that the use of httpd's ap_get_basic_auth_pw() API function ...
An out-of-bounds read has been found in Apache httpd < 2426, where mod_mime can read one byte past the end of a buffer when a malicious Content-Type response header is sent ...
Tenablesc leverages third-party software to help provide underlying functionality Three separate third-party components (OpenSSL, Apache HTTP Server, SimpleSAMLphp) were found to contain vulnerabilities, and updated versions have been made available by the providers
Out of caution and in line with good practice, Tenable opted to upgrade the bun ...