Apple Security Advisory 10-28-2024-3 - macOS Sequoia 15.1 addresses bypass, information leakage, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
d5dbf0c65f72566b9be057760bac7a73e25237374e8c784ff7de9d54c776e93cGentoo Linux Security Advisory 202409-31 - Multiple vulnerabilities have been found in Apache HTTPD, the worst of which could result in denial of service. Versions greater than or equal to 2.4.62 are affected.
e140c2ea34336c36470495b8e5becd4da0e3fc777733afa65462c3ef0f63a24cRed Hat Security Advisory 2024-7101-03 - An update for httpd is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.
9ae1792f18338c0118e1051f213a85c3abc73f5225741a02d641a34d46a95f7dUbuntu Security Notice 6885-3 - USN-6885-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Orange Tsai discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain substitutions. A remote attacker could possibly use this issue to execute scripts in directories not directly reachable by any URL, or cause a denial of service. Some environments may require using the new UnsafeAllow3F flag to handle unsafe substitutions.
31166839dd976fb13f0b4dbd232274dc5adcbdb22f6e4157c52f92b68f799311Red Hat Security Advisory 2024-6584-03 - An update for httpd is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support.
9f03a895b4dfe3dd4154e54945c6bd5fde7d9fcf6d9fa58550f995afb064711eRed Hat Security Advisory 2024-6583-03 - An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.
3d04ce7b21c085ec0f6b1a818136fb087bb7f8e28806e9b6f4a756428ef242cbRed Hat Security Advisory 2024-6468-03 - An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.
cf04e6a3c4f89a69bcd91c7181f445c06009fc136035ce20e28e601d6214c3e9Red Hat Security Advisory 2024-6467-03 - An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.
3e5649205cde5160d276f5fae7b7557fdd4d6db60565db7f11d837249dea77a9Red Hat Security Advisory 2024-6136-03 - An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
f48d4433bd71d5f9607c818a66b7204164c9a8d57cffe794ee97d07416d86971Red Hat Security Advisory 2024-5832-03 - An update for httpd is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
fee78e473a0a408dd17f318a66be52cb4b2cf4f724a0a8dbd13a6f5160a6f821Red Hat Security Advisory 2024-5812-03 - An update for httpd is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
3aa6181b7b8ac969314db66a7ff786d292f111907bbcdbd5d269b930ebd5300eRed Hat Security Advisory 2024-5193-03 - An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.
ab7341bff492c9bb183fae815b96fda34d31876b5f5db379d7a3f04c1af3eba8Red Hat Security Advisory 2024-5138-03 - An update for httpd is now available for Red Hat Enterprise Linux 9.
f9e8e795dac95c728489eb9e3d3b9bf159bf15818fe6c3f962c837b99c63fed0Debian Linux Security Advisory 5729-1 - Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in authentication bypass, execution of scripts in directories not directly reachable by any URL, server-side request forgery or denial of service.
eb3189e905bc36ecd2fc5d02a5e9ced5c23c59fc1c76baa032f550292bf26979Ubuntu Security Notice 6885-2 - USN-6885-1 fixed vulnerabilities in Apache HTTP Server. One of the security fixes introduced a regression when proxying requests to a HTTP/2 server. This update fixes the problem. Marc Stern discovered that the Apache HTTP Server incorrectly handled serving WebSocket protocol upgrades over HTTP/2 connections. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Orange Tsai discovered that the Apache HTTP Server mod_proxy module incorrectly sent certain request URLs with incorrect encodings to backends. A remote attacker could possibly use this issue to bypass authentication. Orange Tsai discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain substitutions. A remote attacker could possibly use this issue to execute scripts in directories not directly reachable by any URL, or cause a denial of service. Some environments may require using the new UnsafeAllow3F flag to handle unsafe substitutions. Orange Tsai discovered that the Apache HTTP Server incorrectly handled certain response headers. A remote attacker could possibly use this issue to obtain sensitive information, execute local scripts, or perform SSRF attacks. Orange Tsai discovered that the Apache HTTP Server mod_proxy module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. It was discovered that the Apache HTTP Server incorrectly handled certain handlers configured via AddType. A remote attacker could possibly use this issue to obtain source code.
09a87e1b0ca03b35feb4d66d7489813a4fc3939cea0c49c3c31bf9e7662b2f1fUbuntu Security Notice 6885-1 - Marc Stern discovered that the Apache HTTP Server incorrectly handled serving WebSocket protocol upgrades over HTTP/2 connections. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Orange Tsai discovered that the Apache HTTP Server mod_proxy module incorrectly sent certain request URLs with incorrect encodings to backends. A remote attacker could possibly use this issue to bypass authentication.
dc636ce74692d3f1a7da32825e61e1fcdc0b5d5a5413a13dc147dac6ff15aae4
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed