Red Hat Security Advisory 2017-2709-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2 serves as an update for Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1, and includes bug fixes, which are documented in the Release Notes document linked to in the References.
2ac64c19d1282e8e4757edfb228e6d060ab5b7c725aa50c650b9389e6a8d12de
Red Hat Security Advisory 2017-2710-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2 serves as an update for Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1, and includes bug fixes, which are documented in the Release Notes document linked to in the References.
f2fe37f0306236a787af5128425d4e437d5540a95b02a9f907fb8336199a0a34
Red Hat Security Advisory 2017-2708-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2 serves as an update for Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1, and includes bug fixes, which are documented in the Release Notes document linked to in the References.
66e84ee5fd498fe4ddec7d8e290d18e7f6622bf5cca3405b49e82ae2ead7feae
Red Hat Security Advisory 2016-2957-01 - This release of Red Hat JBoss Core Services httpd 2.4.23 serves as a replacement for JBoss Core Services Apache HTTP Server 2.4.6. Security Fix: This update fixes several flaws in OpenSSL.
74baff33a674c45e41ccf55a650db1510528f79d7721465b4047850b17a58f49
Apple Security Advisory 2015-09-16-4 - OS X Server 5.0.3 is now available and addresses denial of service, code execution, and various other vulnerabilities.
8254c8d55f2667e65687c75dc0e4ebbbd127b907729adba11b4a141d12fc30b2
Apple Security Advisory 2015-09-16-2 - Xcode 7.0 is now available and addresses traffic inspection, access bypass, and various other vulnerabilities.
7a3af52221713d401a1c4f2c0809a381ca1e1c7cc53f03c7a03efe9fde6277f6
Red Hat Security Advisory 2015-1666-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied.
0f0af590cf4c621e7c0a3e37a8fe52a41b798cb1d1718c319834d751b885ed27
Red Hat Security Advisory 2015-1667-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied.
cc995bdec6db74fa4bd9ed6a37fcb3a2d131bada36289012607e855214d38823
Debian Linux Security Advisory 3325-2 - The security update from DSA-3325-1 caused a regression for the oldstable distribution (wheezy). In some configurations, apache2 would fail to start with a spurious error message about the certificate chain. This update fixes this problem.
fd4d8ea6fb703a779ebd203d0b03250043668ae38cf071ff46e94eebb23692e2
Debian Linux Security Advisory 3325-1 - Several vulnerabilities have been found in the Apache HTTPD server.
7eb41d5e0dde8b13a8166433bf5d89842f644f90dca24040daea5c78a82cd56d
Ubuntu Security Notice 2686-1 - It was discovered that the Apache HTTP Server incorrectly parsed chunk headers. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks. It was discovered that the Apache HTTP Server incorrectly handled the ap_some_auth_required API. A remote attacker could possibly use this issue to bypass intended access restrictions. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. Various other issues were also addressed.
3c6254fd60e8dfa90b9d54b8281fd49cf2896d7495e64eaffb88a8ceccf7aed2
Slackware Security Advisory - New httpd packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
36799e7bd8fbb814ff99012997a8e5d129d9c75f98b4f4fa759d4b8c20dff96f