Astra Linux - уязвимость в apache2

A encoding problem in the modproxy component of the Apache HTTP Server 2.4.59 and earlier versions allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication through crafted requests. It is recommended that users upgrade to version 2.4.60, as...

Astra Linux - уязвимость в apache2

A substitution encoding issue in modrewrite in Apache HTTP Server 2.4.59 and earlier allows attackers to execute scripts in directories permitted by the configuration, but these directories are not directly accessible via URLs. Additionally, the source of these scripts may not be disclosed, as th...

Astra Linux - уязвимость в apache2

In Apache HTTP Server 2.4.59 and earlier, a null pointer dereference vulnerability in modproxy allows an attacker to crash the server through a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

Azure Linux 3.0 Security Update: httpd (CVE-2024-38473)

The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-38473 advisory. - Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect...

Linux Distros Unpatched Vulnerability : CVE-2024-38477

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - null pointer dereference in modproxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are...

Linux Distros Unpatched Vulnerability : CVE-2024-38473

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially...

Linux Distros Unpatched Vulnerability : CVE-2024-39884

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. AddType and similar...

Linux Distros Unpatched Vulnerability : CVE-2024-38476

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications...

Linux Distros Unpatched Vulnerability : CVE-2024-39573

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Potential SSRF in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled ...

SUSE CVE-2024-38476

Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-2769)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-2393)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OESA-2024-2101 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or...

F5 Networks BIG-IP : Apache HTTPD vulnerability (K000140784)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000140784 advisory. null pointer dereference in modproxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server v...

Important: httpd24

Issue Overview: Substitution encoding issue in modrewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Users are...

OESA-2024-1852 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Substitution encoding issue in modrewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or...

CVE-2024-38472

A flaw was found in httpd on Windows systems. This issue potentially allows NTLM hashes to be leaked to a malicious server via Server-side request forgery SSRF and malicious requests or content...

Apache HTTP Server 2.4.60 - 2.4.61 Information Disclosure Vulnerability - Linux

Apache HTTP Server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Apache HTTP Server 2.4.60 - 2.4.61 Information Disclosure Vulnerability - Windows

Apache HTTP Server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Apache 2.4.60 Source Code Disclosure

According to its banner, the version of Apache running on the remote host is 2.4.60. It is, therefore, affected by a source code disclosure with handlers configured via AddType. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported...