Red Hat Security Advisory 2017-1414-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes, which are documented in the Release Notes document linked to in the References.
e31cbbf43e6335aa07238e1960a554f893a663a6add6b13476337524256e651aRed Hat Security Advisory 2017-1413-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes, which are documented in the Release Notes document linked to in the References.
fc5d578ab608d805766f010632eaa528562b46809479d52a698f7d9a3c64dc63Red Hat Security Advisory 2017-1415-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes, which are documented in the Release Notes document linked to in the References.
24687afd6a4178ce7a6bea57d07ffe21c8d73aff655ff9ce66ec2a3fe153139eUbuntu Security Notice 3279-1 - It was discovered that the Apache mod_session_crypto module was encrypting data and cookies using either CBC or ECB modes. A remote attacker could possibly use this issue to perform padding oracle attacks. Maksim Malyutin discovered that the Apache mod_auth_digest module incorrectly handled malicious input. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. Various other issues were also addressed.
bbdfa79eba72bc753893522747a5eb3bf4a031465d01c2e221814594c43835baRed Hat Security Advisory 2017-1161-01 - The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. The httpd24 Software Collection has been upgraded to version 2.4.25, which provides a number of bug fixes and enhancements over the previous version.
710ab5969c463a1c7526a5fa70f4c55c2c4077082b7622e31e2ba0c00acae88fRed Hat Security Advisory 2017-0906-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack. It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication.
7c210a8b37d4cd2e91b8ab709f2b9b1b488e62df7478fbcbd90bdcf5da29873eHPE Security Bulletin HPESBUX03725 1 - Potential security vulnerabilities have been identified with HP-UX Web Server Suite running Apache on HP-UX 11iv3. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), Unauthorized Read Access to Data and other impacts including: * Padding Oracle attack in Apache mod_session_crypto * Apache HTTP Request Parsing Whitespace Defects. Revision 1 of this advisory.
5df1b537a3a2899886f0263d940c4193b758bfc583dd96021c5e940a90f029a8Apple Security Advisory 2017-03-27-3 - macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite are now available and address multiple vulnerabilities.
54a3d5f1eafce35231db5001f3683c3b0fd1ddc198a138e24dfe71082667f5b2Gentoo Linux Security Advisory 201701-36 - Multiple vulnerabilities have been found in Apache, the worst of which could lead to a Denial of Service condition. Versions less than 2.4.25 are affected.
1292b9a5dc4a22a3a1e118a36945f470a06cc815f7880cb1f257c44072e7af03Slackware Security Advisory - New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
22fc1355a7f37d12eb2d8b8c12a36a28a6c7a5fff687e63fde903035e36acf96Apache mod_session_crypto versions 2.3 through 2.5 suffer form a padding oracle vulnerability.
390f7fdc6969dd238103bdc9a74a406df47dd249a11cddc2a73743e36e51e549
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed