Two vulnerabilities have been discovered in the Apache HTTP server:
CVE-2021-44224
When operating as a forward proxy, Apache was, depending on the setup,
susceptible to denial of service or server-side request forgery
CVE-2021-44790
A buffer overflow in mod_lua may result in denial of service or
potentially the execution of arbitrar ...
Synopsis
Important: httpd security update
Type/Severity
Security Advisory: Important
Topic
An update for httpd is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco E ...
Synopsis
Important: httpd security update
Type/Severity
Security Advisory: Important
Topic
An update for httpd is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco E ...
Synopsis
Important: httpd security update
Type/Severity
Security Advisory: Important
Topic
An update for httpd is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support. Red Hat Product Security has rated th ...
Synopsis
Important: httpd:24 security update
Type/Severity
Security Advisory: Important
Topic
An update for the httpd:24 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat ...
Synopsis
Important: Red Hat OpenShift GitOps security update
Type/Severity
Security Advisory: Important
Topic
An update for openshift-gitops-applicationset-container, openshift-gitops-container, openshift-gitops-kam-delivery-container, and openshift-gitops-operator-container is now available for Red Hat OpenShift GitOps 1.3 on OCP 4.7-4.9 (G ...
Synopsis
Important: httpd security update
Type/Severity
Security Advisory: Important
Topic
An update for httpd is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support. Red Hat Product Security has rated th ...
Synopsis
Important: httpd24-httpd security update
Type/Severity
Security Advisory: Important
Topic
An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this updat ...
Synopsis
Important: Red Hat OpenShift GitOps security update
Type/Severity
Security Advisory: Important
Topic
An update for openshift-gitops-applicationset-container, openshift-gitops-container, openshift-gitops-kam-delivery-container, and openshift-gitops-operator-container is now available for Red Hat OpenShift GitOps 1.2 (GitOps v1.2.2). Re ...
There's a null pointer dereference and server-side request forgery flaw in httpd's mod_proxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the adjacent network to the forward proxy that could cause a crash, or potentially SSRF via misdirected Unix Domain Socket requests. In the worst case, this could ...
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier ...
About Apple security updates
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.
Apple security documents reference vulnerabilities by CVE-ID  ...
Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remote code execution vulnerability which could allow a remote, unauthenticated attacker to execute code under special circumstances. An attacker would first have to stage a specific file type in the web server root of the Tenable.sc host prior to remote exploitation.
Also, Tenable ...
Tenable.sc leverages third-party software to help provide underlying functionality. One of the third-party components (Apache) was found to contain vulnerabilities, and updated versions have been made available by the providers.
Out of caution, and in line with best practice, Tenable has upgraded the bundled components to address the potential imp ...
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS ...