Headline
Gentoo Linux Security Advisory 202409-31
Gentoo Linux Security Advisory 202409-31 - Multiple vulnerabilities have been found in Apache HTTPD, the worst of which could result in denial of service. Versions greater than or equal to 2.4.62 are affected.
Gentoo Linux Security Advisory GLSA 202409-31
https://security.gentoo.org/
Severity: Low
Title: Apache HTTPD: Multiple Vulnerabilities
Date: September 28, 2024
Bugs: #928540, #935296, #935427, #936257
ID: 202409-31
Synopsis
Multiple vulnerabilities have been found in Apache HTTPD, the worst of
which could result in denial of service.
Background
The Apache HTTP server is one of the most popular web servers on the
Internet.
Affected packages
Package Vulnerable Unaffected
www-servers/apache < 2.4.62 >= 2.4.62
Description
Multiple vulnerabilities have been discovered in Apache HTTPD. Please
review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Apache HTTPD users should upgrade to the latest version:
emerge --sync
emerge --ask --oneshot --verbose “>=www-servers/apache-2.4.62”
References
[ 1 ] CVE-2023-38709
https://nvd.nist.gov/vuln/detail/CVE-2023-38709
[ 2 ] CVE-2024-24795
https://nvd.nist.gov/vuln/detail/CVE-2024-24795
[ 3 ] CVE-2024-27316
https://nvd.nist.gov/vuln/detail/CVE-2024-27316
[ 4 ] CVE-2024-36387
https://nvd.nist.gov/vuln/detail/CVE-2024-36387
[ 5 ] CVE-2024-38472
https://nvd.nist.gov/vuln/detail/CVE-2024-38472
[ 6 ] CVE-2024-38473
https://nvd.nist.gov/vuln/detail/CVE-2024-38473
[ 7 ] CVE-2024-38474
https://nvd.nist.gov/vuln/detail/CVE-2024-38474
[ 8 ] CVE-2024-38475
https://nvd.nist.gov/vuln/detail/CVE-2024-38475
[ 9 ] CVE-2024-38476
https://nvd.nist.gov/vuln/detail/CVE-2024-38476
[ 10 ] CVE-2024-38477
https://nvd.nist.gov/vuln/detail/CVE-2024-38477
[ 11 ] CVE-2024-39573
https://nvd.nist.gov/vuln/detail/CVE-2024-39573
[ 12 ] CVE-2024-39884
https://nvd.nist.gov/vuln/detail/CVE-2024-39884
[ 13 ] CVE-2024-40725
https://nvd.nist.gov/vuln/detail/CVE-2024-40725
[ 14 ] CVE-2024-40898
https://nvd.nist.gov/vuln/detail/CVE-2024-40898
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202409-31
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Related news
Red Hat Security Advisory 2024-8680-03 - An update for mod_http2 is now available for Red Hat Enterprise Linux 9. Issues addressed include denial of service and null pointer vulnerabilities.
Apple Security Advisory 10-28-2024-3 - macOS Sequoia 15.1 addresses bypass, information leakage, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Debian Linux Security Advisory 5729-2 - The fixes for CVE-2024-38474 and CVE-2024-39884 introduced two regressions in mod_rewrite and mod_proxy.
Red Hat Security Advisory 2024-7101-03 - An update for httpd is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.
Ubuntu Security Notice 6885-3 - USN-6885-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Orange Tsai discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain substitutions. A remote attacker could possibly use this issue to execute scripts in directories not directly reachable by any URL, or cause a denial of service. Some environments may require using the new UnsafeAllow3F flag to handle unsafe substitutions.
Ubuntu Security Notice 6885-3 - USN-6885-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Orange Tsai discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain substitutions. A remote attacker could possibly use this issue to execute scripts in directories not directly reachable by any URL, or cause a denial of service. Some environments may require using the new UnsafeAllow3F flag to handle unsafe substitutions.
Ubuntu Security Notice 6885-3 - USN-6885-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Orange Tsai discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain substitutions. A remote attacker could possibly use this issue to execute scripts in directories not directly reachable by any URL, or cause a denial of service. Some environments may require using the new UnsafeAllow3F flag to handle unsafe substitutions.
Ubuntu Security Notice 6885-3 - USN-6885-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Orange Tsai discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain substitutions. A remote attacker could possibly use this issue to execute scripts in directories not directly reachable by any URL, or cause a denial of service. Some environments may require using the new UnsafeAllow3F flag to handle unsafe substitutions.
Red Hat Security Advisory 2024-6584-03 - An update for httpd is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support.
Red Hat Security Advisory 2024-5832-03 - An update for httpd is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
Red Hat Security Advisory 2024-5812-03 - An update for httpd is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Security Advisory 2024-5193-03 - An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.
Red Hat Security Advisory 2024-5147-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-5144-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-5143-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-5001-03 - An update for httpd is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a server-side request forgery vulnerability.
Red Hat Security Advisory 2024-5001-03 - An update for httpd is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a server-side request forgery vulnerability.
Red Hat Security Advisory 2024-4943-03 - An update for httpd is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.
Red Hat Security Advisory 2024-4938-03 - An update for httpd is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Issues addressed include a null pointer vulnerability.
Red Hat Security Advisory 2024-4938-03 - An update for httpd is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Issues addressed include a null pointer vulnerability.
Red Hat Security Advisory 2024-4938-03 - An update for httpd is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Issues addressed include a null pointer vulnerability.
Red Hat Security Advisory 2024-4830-03 - An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include a null pointer vulnerability.
Red Hat Security Advisory 2024-4830-03 - An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include a null pointer vulnerability.
Red Hat Security Advisory 2024-4830-03 - An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include a null pointer vulnerability.
Red Hat Security Advisory 2024-4827-03 - An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a null pointer vulnerability.
Red Hat Security Advisory 2024-4827-03 - An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a null pointer vulnerability.
Red Hat Security Advisory 2024-4827-03 - An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a null pointer vulnerability.
Red Hat Security Advisory 2024-4820-03 - An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a null pointer vulnerability.
Red Hat Security Advisory 2024-4820-03 - An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a null pointer vulnerability.
Red Hat Security Advisory 2024-4820-03 - An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a null pointer vulnerability.
Ubuntu Security Notice 6902-1 - It was discovered that the Apache HTTP Server incorrectly handled certain handlers configured via AddType. A remote attacker could possibly use this issue to obtain source code.
Debian Linux Security Advisory 5729-1 - Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in authentication bypass, execution of scripts in directories not directly reachable by any URL, server-side request forgery or denial of service.
Debian Linux Security Advisory 5729-1 - Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in authentication bypass, execution of scripts in directories not directly reachable by any URL, server-side request forgery or denial of service.
Debian Linux Security Advisory 5729-1 - Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in authentication bypass, execution of scripts in directories not directly reachable by any URL, server-side request forgery or denial of service.
Debian Linux Security Advisory 5729-1 - Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in authentication bypass, execution of scripts in directories not directly reachable by any URL, server-side request forgery or denial of service.
Debian Linux Security Advisory 5729-1 - Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in authentication bypass, execution of scripts in directories not directly reachable by any URL, server-side request forgery or denial of service.
Debian Linux Security Advisory 5729-1 - Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in authentication bypass, execution of scripts in directories not directly reachable by any URL, server-side request forgery or denial of service.
Debian Linux Security Advisory 5729-1 - Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in authentication bypass, execution of scripts in directories not directly reachable by any URL, server-side request forgery or denial of service.
Ubuntu Security Notice 6885-2 - USN-6885-1 fixed vulnerabilities in Apache HTTP Server. One of the security fixes introduced a regression when proxying requests to a HTTP/2 server. This update fixes the problem. Marc Stern discovered that the Apache HTTP Server incorrectly handled serving WebSocket protocol upgrades over HTTP/2 connections. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Orange Tsai discovered that the Apache HTTP Server mod_proxy module incorrectly sent certain request URLs with incorrect encodings to backends. A remote attacker could possibly use this issue to bypass authentication. Orange Tsai discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain substitutions. A remote attacker could possibly use this issue to execute scripts in directories not directly reachable by any URL, or cause a denial of service. Some environments may require using the new UnsafeAllow3F flag to h...
Ubuntu Security Notice 6885-2 - USN-6885-1 fixed vulnerabilities in Apache HTTP Server. One of the security fixes introduced a regression when proxying requests to a HTTP/2 server. This update fixes the problem. Marc Stern discovered that the Apache HTTP Server incorrectly handled serving WebSocket protocol upgrades over HTTP/2 connections. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Orange Tsai discovered that the Apache HTTP Server mod_proxy module incorrectly sent certain request URLs with incorrect encodings to backends. A remote attacker could possibly use this issue to bypass authentication. Orange Tsai discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain substitutions. A remote attacker could possibly use this issue to execute scripts in directories not directly reachable by any URL, or cause a denial of service. Some environments may require using the new UnsafeAllow3F flag to h...
Ubuntu Security Notice 6885-2 - USN-6885-1 fixed vulnerabilities in Apache HTTP Server. One of the security fixes introduced a regression when proxying requests to a HTTP/2 server. This update fixes the problem. Marc Stern discovered that the Apache HTTP Server incorrectly handled serving WebSocket protocol upgrades over HTTP/2 connections. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Orange Tsai discovered that the Apache HTTP Server mod_proxy module incorrectly sent certain request URLs with incorrect encodings to backends. A remote attacker could possibly use this issue to bypass authentication. Orange Tsai discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain substitutions. A remote attacker could possibly use this issue to execute scripts in directories not directly reachable by any URL, or cause a denial of service. Some environments may require using the new UnsafeAllow3F flag to h...
Ubuntu Security Notice 6885-2 - USN-6885-1 fixed vulnerabilities in Apache HTTP Server. One of the security fixes introduced a regression when proxying requests to a HTTP/2 server. This update fixes the problem. Marc Stern discovered that the Apache HTTP Server incorrectly handled serving WebSocket protocol upgrades over HTTP/2 connections. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Orange Tsai discovered that the Apache HTTP Server mod_proxy module incorrectly sent certain request URLs with incorrect encodings to backends. A remote attacker could possibly use this issue to bypass authentication. Orange Tsai discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain substitutions. A remote attacker could possibly use this issue to execute scripts in directories not directly reachable by any URL, or cause a denial of service. Some environments may require using the new UnsafeAllow3F flag to h...
Ubuntu Security Notice 6885-2 - USN-6885-1 fixed vulnerabilities in Apache HTTP Server. One of the security fixes introduced a regression when proxying requests to a HTTP/2 server. This update fixes the problem. Marc Stern discovered that the Apache HTTP Server incorrectly handled serving WebSocket protocol upgrades over HTTP/2 connections. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Orange Tsai discovered that the Apache HTTP Server mod_proxy module incorrectly sent certain request URLs with incorrect encodings to backends. A remote attacker could possibly use this issue to bypass authentication. Orange Tsai discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain substitutions. A remote attacker could possibly use this issue to execute scripts in directories not directly reachable by any URL, or cause a denial of service. Some environments may require using the new UnsafeAllow3F flag to h...
Ubuntu Security Notice 6885-2 - USN-6885-1 fixed vulnerabilities in Apache HTTP Server. One of the security fixes introduced a regression when proxying requests to a HTTP/2 server. This update fixes the problem. Marc Stern discovered that the Apache HTTP Server incorrectly handled serving WebSocket protocol upgrades over HTTP/2 connections. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Orange Tsai discovered that the Apache HTTP Server mod_proxy module incorrectly sent certain request URLs with incorrect encodings to backends. A remote attacker could possibly use this issue to bypass authentication. Orange Tsai discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain substitutions. A remote attacker could possibly use this issue to execute scripts in directories not directly reachable by any URL, or cause a denial of service. Some environments may require using the new UnsafeAllow3F flag to h...
Ubuntu Security Notice 6885-2 - USN-6885-1 fixed vulnerabilities in Apache HTTP Server. One of the security fixes introduced a regression when proxying requests to a HTTP/2 server. This update fixes the problem. Marc Stern discovered that the Apache HTTP Server incorrectly handled serving WebSocket protocol upgrades over HTTP/2 connections. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Orange Tsai discovered that the Apache HTTP Server mod_proxy module incorrectly sent certain request URLs with incorrect encodings to backends. A remote attacker could possibly use this issue to bypass authentication. Orange Tsai discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain substitutions. A remote attacker could possibly use this issue to execute scripts in directories not directly reachable by any URL, or cause a denial of service. Some environments may require using the new UnsafeAllow3F flag to h...
Ubuntu Security Notice 6885-2 - USN-6885-1 fixed vulnerabilities in Apache HTTP Server. One of the security fixes introduced a regression when proxying requests to a HTTP/2 server. This update fixes the problem. Marc Stern discovered that the Apache HTTP Server incorrectly handled serving WebSocket protocol upgrades over HTTP/2 connections. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Orange Tsai discovered that the Apache HTTP Server mod_proxy module incorrectly sent certain request URLs with incorrect encodings to backends. A remote attacker could possibly use this issue to bypass authentication. Orange Tsai discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain substitutions. A remote attacker could possibly use this issue to execute scripts in directories not directly reachable by any URL, or cause a denial of service. Some environments may require using the new UnsafeAllow3F flag to h...
Ubuntu Security Notice 6885-1 - Marc Stern discovered that the Apache HTTP Server incorrectly handled serving WebSocket protocol upgrades over HTTP/2 connections. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Orange Tsai discovered that the Apache HTTP Server mod_proxy module incorrectly sent certain request URLs with incorrect encodings to backends. A remote attacker could possibly use this issue to bypass authentication.
Ubuntu Security Notice 6885-1 - Marc Stern discovered that the Apache HTTP Server incorrectly handled serving WebSocket protocol upgrades over HTTP/2 connections. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Orange Tsai discovered that the Apache HTTP Server mod_proxy module incorrectly sent certain request URLs with incorrect encodings to backends. A remote attacker could possibly use this issue to bypass authentication.
Ubuntu Security Notice 6885-1 - Marc Stern discovered that the Apache HTTP Server incorrectly handled serving WebSocket protocol upgrades over HTTP/2 connections. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Orange Tsai discovered that the Apache HTTP Server mod_proxy module incorrectly sent certain request URLs with incorrect encodings to backends. A remote attacker could possibly use this issue to bypass authentication.
Ubuntu Security Notice 6885-1 - Marc Stern discovered that the Apache HTTP Server incorrectly handled serving WebSocket protocol upgrades over HTTP/2 connections. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Orange Tsai discovered that the Apache HTTP Server mod_proxy module incorrectly sent certain request URLs with incorrect encodings to backends. A remote attacker could possibly use this issue to bypass authentication.
Ubuntu Security Notice 6885-1 - Marc Stern discovered that the Apache HTTP Server incorrectly handled serving WebSocket protocol upgrades over HTTP/2 connections. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Orange Tsai discovered that the Apache HTTP Server mod_proxy module incorrectly sent certain request URLs with incorrect encodings to backends. A remote attacker could possibly use this issue to bypass authentication.
Ubuntu Security Notice 6885-1 - Marc Stern discovered that the Apache HTTP Server incorrectly handled serving WebSocket protocol upgrades over HTTP/2 connections. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Orange Tsai discovered that the Apache HTTP Server mod_proxy module incorrectly sent certain request URLs with incorrect encodings to backends. A remote attacker could possibly use this issue to bypass authentication.
Ubuntu Security Notice 6885-1 - Marc Stern discovered that the Apache HTTP Server incorrectly handled serving WebSocket protocol upgrades over HTTP/2 connections. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Orange Tsai discovered that the Apache HTTP Server mod_proxy module incorrectly sent certain request URLs with incorrect encodings to backends. A remote attacker could possibly use this issue to bypass authentication.
Ubuntu Security Notice 6885-1 - Marc Stern discovered that the Apache HTTP Server incorrectly handled serving WebSocket protocol upgrades over HTTP/2 connections. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Orange Tsai discovered that the Apache HTTP Server mod_proxy module incorrectly sent certain request URLs with incorrect encodings to backends. A remote attacker could possibly use this issue to bypass authentication.
Red Hat Security Advisory 2024-4390-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-4197-03 - An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a HTTP response splitting vulnerability.
Red Hat Security Advisory 2024-3417-03 - An update for mod_http2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a denial of service vulnerability.
Ubuntu Security Notice 6729-3 - USN-6729-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding updates for Ubuntu 24.04 LTS. Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. Bartek Nowotarski discovered that the Apache HTTP Server HTTP/2 module incorrectly handled endless continuation frames. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service.
Ubuntu Security Notice 6729-3 - USN-6729-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding updates for Ubuntu 24.04 LTS. Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. Bartek Nowotarski discovered that the Apache HTTP Server HTTP/2 module incorrectly handled endless continuation frames. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service.
Ubuntu Security Notice 6729-3 - USN-6729-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding updates for Ubuntu 24.04 LTS. Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. Bartek Nowotarski discovered that the Apache HTTP Server HTTP/2 module incorrectly handled endless continuation frames. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service.
Ubuntu Security Notice 6729-2 - USN-6729-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks.
Ubuntu Security Notice 6729-2 - USN-6729-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks.
Ubuntu Security Notice 6729-2 - USN-6729-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks.
Debian Linux Security Advisory 5662-1 - Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in HTTP response splitting or denial of service.
Debian Linux Security Advisory 5662-1 - Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in HTTP response splitting or denial of service.
Debian Linux Security Advisory 5662-1 - Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in HTTP response splitting or denial of service.
Ubuntu Security Notice 6729-1 - Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks.
Ubuntu Security Notice 6729-1 - Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks.
Ubuntu Security Notice 6729-1 - Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks.
Red Hat Security Advisory 2024-1786-03 - An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.