30 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux - vulnerability in apache2

A substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attackers to execute scripts in directories permitted by the configuration, but these directories are not directly accessible via URLs. Additionally, the source of these scripts may not be disclosed, as th...

CVSS 9.8 | AI score 7.2 | EPSS 0.01022
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-37357

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 7.3 | EPSS 0.04673
Exploits: 0 | References: 2

SUSE CVE
added 2025/02/14 4:53 a.m., 1 view

SUSE CVE-2024-38476

Vulnerability in core of Apache HTTP Server 2.4.59 and earlier is vulnerable to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

CVSS 8.1 | AI score 6.9 | EPSS 0.04673
Exploits: 0 | References: 8

OpenVAS
added 2024/10/28 12:0 a.m., 34 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-2769)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8 | AI score 8.4 | EPSS 0.93858
Exploits: 2 | References: 4

Tenable Nessus
added 2024/09/24 12:0 a.m., 35 views

EulerOS 2.0 SP8 : httpd (EulerOS-SA-2024-2473)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. CVE-2023-38709 HTT...

CVSS 7.5 | AI score 7.3 | EPSS 0.87555
Exploits: 2 | References: 4

OpenVAS
added 2024/09/12 12:0 a.m., 31 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-2368)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8 | AI score 8.4 | EPSS 0.93858
Exploits: 2 | References: 4

OSV
added 2024/09/06 11:9 a.m., 1 view

OESA-2024-2101 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Vulnerability in core of Apache HTTP Server 2.4.59 and earlier is vulnerable to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or...

CVSS 9.8 | AI score 6.5 | EPSS 0.04673
Exploits: 0 | References: 2

Veracode
added 2024/07/09 6:7 a.m., 29 views

Server Side Request Forgery (SSRF)

Apache HTTP Server 2.4.59 is vulnerable to SSRF. The vulnerability is due to a missing validation in response headers leading to information disclosure, SSRF or local script execution via backend applications which have malicious or exploitable header...

CVSS 9.8 | AI score 6.2 | EPSS 0.04673
Exploits: 0 | References: 4 | Affected Software: 1

SUSE CVE
added 2024/07/03 3:17 a.m., 6 views

SUSE CVE-2024-38473

Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

CVSS 5.3 | AI score 8.8 | EPSS 0.88359
Exploits: 1 | References: 7

RedhatCVE
added 2024/07/01 9:49 p.m., 44 views

CVE-2024-38477

A flaw was found in the mod_proxy module of httpd. A NULL pointer dereference can be triggered when processing a specially crafted HTTP request, causing the httpd server to crash, and resulting in a denial of service. Mitigation: Red Hat has investigated whether a possible mitigation exists for thi...

CVSS 7.5 | AI score 8.8 | EPSS 0.01924
Exploits: 0 | References: 4

OSV
added 2024/07/01 7:15 p.m., 2 views

DEBIAN-CVE-2024-38477

Null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

CVSS 7.5 | AI score 7.7 | EPSS 0.01924
Exploits: 0 | References: 1

OSV
added 2024/07/01 7:15 p.m., 1 view

DEBIAN-CVE-2024-38476

Vulnerability in core of Apache HTTP Server 2.4.59 and earlier is vulnerable to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

CVSS 9.8 | AI score 7.1 | EPSS 0.04673
Exploits: 0 | References: 1

CNNVD
added 2024/07/01 12:0 a.m., 5 views

Apache HTTP Server Security Vulnerability

Apache HTTP Server is an open source web server from the Apache Foundation USA. The server is fast, reliable, and extensible through a simple API. A security vulnerability exists in Apache HTTP Server 2.4.59 and earlier versions, which stems from a coding issue in mod_proxy that could bypass...

CVSS 8.1 | AI score 9.3 | EPSS 0.88359
Exploits: 1 | References: 3

Positive Technologies
added 2024/07/01 12:0 a.m., 9 views

PT-2024-4623

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.59 and earlier Description: The issue is related to the core of the Apache HTTP Server, where malicious or exploitable response headers from backend applications can lead to information disclosure, Server-Side...

CVSS 10 | AI score 8.8 | EPSS 0.04673
Exploits: 0 | References: 140

GithubExploit
added 2024/06/24 10:48 a.m., 73 views

Exploit for OS Command Injection in Php

Incident Response Walkthrough: Mitigating a Zero-Day Attack...

CVSS 9.8 | AI score 8.6 | EPSS 0.94374
Exploits: 64

OSV
added 2024/05/10 11:7 a.m., 6 views

OESA-2024-1553 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58. CVE-2023-38709 HTTP...

CVSS 7.5 | AI score 6.9 | EPSS 0.87555
Exploits: 2 | References: 4

CBLMariner
added 2024/05/06 5:48 p.m., 44 views

CVE-2023-38709 affecting package httpd for versions less than 2.4.59-1

CVE-2023-38709 affecting package httpd for versions less than 2.4.59-1. An upgraded version of the package is available that resolves this issue...

CVSS 7.3 | AI score 7.8 | EPSS 0.04358
Exploits: 0

Amazon
added 2024/05/03 12:0 a.m., 54 views

Medium: httpd

Issue Overview: Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58. CVE-2023-38709 HTTP Response splitting in multiple modules in Apache HTTP Server allows an...

CVSS 7.3 | AI score 7 | EPSS 0.04358
Exploits: 0

Mageia
added 2024/04/10 4:3 a.m., 85 views

Updated apache packages fix security vulnerabilities

Apache has been updated to version 2.4.59 to fix CVE-2024-27316, CVE-2024-24795 and CVE-2023-38709. CVE-2024-27316: Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames cve.mitre.org HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in...

CVSS 7.5 | AI score 7.2 | EPSS 0.87555
Exploits: 2 | References: 3

NCSC
added 2024/04/09 12:0 a.m., 2 views

Vulnerabilities fixed in Apache HTTP Server

Apache has fixed vulnerabilities in Apache HTTP Server. The vulnerabilities potentially allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS). Apache has released updates to fix the vulnerabilities in Apache server 2.4.59...

CVSS 7.3 | AI score 9.2 | EPSS 0.04358
Exploits: 0