Security
Headlines
HeadlinesLatestCVEs

Tag

#apache

RHSA-2023:0852: Red Hat Security Advisory: httpd:2.4 security and bug fix update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2006-20001: A flaw was found in the mod_dav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service. * CVE-2022-36760: A flaw was found in the mod_proxy_ajp module of httpd. The connection is not closed when there is an invalid...

Red Hat Security Data
#vulnerability#web#linux#red_hat#dos#apache#ldap#ibm#ssl
GHSA-hfrx-6qgj-fp6c: Apache Commons FileUpload denial of service vulnerability

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.

GHSA-337f-xr2x-6fcf: Apache Kerby LdapIdentityBackend LDAP Injection vulnerability

An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache Kerby before 2.0.3.

CVE-2022-48317: Fix session cookie validation on RestAPI

Expired sessions were not securely terminated in the RestAPI for Tribe29's Checkmk <= 2.1.0p10 and Checkmk <= 2.0.0p28 allowing an attacker to use expired session tokens when communicating with the RestAPI.

CVE-2023-25613

An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache Kerby before 2.0.3.

CVE-2023-24998

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.

Majority of Ransomware Attacks Last Year Exploited Old Bugs

New research shows that 57 vulnerabilities that threat actors are currently using in ransomware attacks enable everything from initial access to data theft.

CVE-2021-33950: XXE injection security vulnerability · openkm/document-management-system@ce1d823

An issue discovered in OpenKM v6.3.10 allows attackers to obtain sensitive information via the XMLTextExtractor function.

CVE-2021-33949: Command execution vulnerability in /wms/src/system/databak.php · Issue #10 · FeMiner/wms

An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec function.