Red Hat Security Advisory 2022-7143-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, integer overflow, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.
bf2ee19802cc5c27a2aa9448e79d3d3c92beaa03423df3702ac3e20dc59fe7e8Red Hat Security Advisory 2022-7144-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, integer overflow, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.
5e09c50bbba41656cd9c5515ccf86fb9be862fbe6d5d82a630028a1a5bde28e5Red Hat Security Advisory 2022-6753-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.
28d7f2e087a5d9425e253343d93cbc36c274fd300fda47cab8198615c8ea532aGentoo Linux Security Advisory 202208-20 - Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Versions less than 2.4.54 are affected.
09faf82799a2bf38cabe52ae6e5241cdb6c0783b19a0355526c5faf16d5eadc3Red Hat Security Advisory 2022-1915-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include out of bounds read and server-side request forgery vulnerabilities.
e1df27115d97b33c33fdb76ca1928e3a63a0f7a50ef9b98e374d459279351006Debian Linux Security Advisory 4982-1 - Several vulnerabilities have been found in the Apache HTTP server, which could result in denial of service. In addition a vulnerability was discovered in mod_proxy with which an attacker could trick the server to forward requests to arbitrary origin servers.
7db80ce9950cf39bde931c5a0d161d513946d1d1b1ee44990405a9c7cee50a76Ubuntu Security Notice 5090-4 - USN-5090-1 fixed vulnerabilities in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem. James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. It was discovered that the Apache HTTP Server incorrectly handled certain malformed requests. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. It was discovered that the Apache HTTP Server incorrectly handled escaping quotes. If the server was configured with third-party modules, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that the Apache mod_proxy module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to forward requests to arbitrary origin servers. Various other issues were also addressed.
97566fcdf572aabba3700b134cb12c430056ecb69fad0c05e485f33bb178308aUbuntu Security Notice 5090-3 - USN-5090-1 fixed vulnerabilities in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem.
b581416306f3dd476e571d54877a550435c22900a370f6c91efbf9d6ff8a914fUbuntu Security Notice 5090-1 - James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. It was discovered that the Apache HTTP Server incorrectly handled certain malformed requests. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Various other issues were also addressed.
4f7aac22cc9fea438546a6e2165f1fd88e03efade01784bf4e244e2cf8f08093
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed