Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2429 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for JBoss Core Services on RHEL 6 and RHEL 7Red Hat Product Security has rated this update as having a security impact of Important A Common ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2429 SP1 security update
Type/Severity
Security Advisory: Important
Topic
Red Hat JBoss Core Services Pack Apache Server 2429 Service Pack 1 packages for Microsoft Windows and Oracle Solaris are now availableRed Hat Product Security has ...
Synopsis
Moderate: httpd security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update for httpd is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ...
Synopsis
Moderate: httpd24 security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update for httpd24-httpd, httpd24-nghttp2, and httpd24-curl is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of ...
Several vulnerabilities have been found in the Apache HTTPD server
CVE-2017-15710
Alex Nichols and Jakob Hirsch reported that mod_authnz_ldap, if
configured with AuthLDAPCharsetConfig, could cause an out of bound write
if supplied with a crafted Accept-Language header This could
potentially be used for a Denial of Service attack ...
Several security issues were fixed in the Apache HTTP Server ...
Several security issues were fixed in the Apache HTTP Server ...
Use-after-free on HTTP/2 stream shutdownWhen an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2430 could have written a NULL pointer potentially to an already freed memory The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team ...
It has been discovered that the mod_session module of Apache HTTP Server (httpd), through version 2429, has an improper input validation flaw in the way it handles HTTP session headers in some configurations A remote attacker may influence their content by using a "Session" header ...
In Apache httpd 220 before 2430, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header This comes from the "HTTP_SESSION" variable name used by mod_session to forward its data to CGIs, since the prefix "HTTP_" is als ...
Tenablesc leverages third-party software to help provide underlying functionality Three separate third-party components (OpenSSL, Apache HTTP Server, SimpleSAMLphp) were found to contain vulnerabilities, and updated versions have been made available by the providers
Out of caution and in line with good practice, Tenable opted to upgrade the bun ...