Lucene search
+L

181 matches found

NVD
NVD
added 2022/01/25 8:15 p.m.18 views

CVE-2022-23016

On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG-IP SSL Forward Proxy with TLS 1.3 is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS a...

7.5CVSS0.0092EPSS
Exploits0References1
OSV
OSV
added 2022/01/25 8:15 p.m.4 views

CVE-2022-23016

On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG-IP SSL Forward Proxy with TLS 1.3 is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS a...

7.5CVSS7.1AI score0.0092EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/01/25 8:15 p.m.4 views

CVE-2022-23016

On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG-IP SSL Forward Proxy with TLS 1.3 is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS a...

7.5CVSS5.8AI score0.0092EPSS
Exploits0References2
Prion
Prion
added 2022/01/25 8:15 p.m.19 views

Code injection

On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG-IP SSL Forward Proxy with TLS 1.3 is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS a...

7.1CVSS7.5AI score0.0092EPSS
Exploits0References1Affected Software11
Cvelist
Cvelist
added 2022/01/25 7:11 p.m.28 views

CVE-2022-23016

On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG-IP SSL Forward Proxy with TLS 1.3 is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS a...

7.7AI score0.0092EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2022/01/19 12:0 a.m.30 views

F5 Networks BIG-IP : SSL Forward Proxy vulnerability (K91013510)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.4.1 / 16.1.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K91013510 advisory. - On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG-IP SSL Forward Proxy with TLS 1.3 i...

7.5CVSS7.4AI score0.0092EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/01/18 12:0 a.m.65 views

openSUSE 15 Security Update : apache2 (openSUSE-SU-2022:0091-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0091-1 advisory. - A crafted URI sent to httpd configured as a forward proxy ProxyRequests on can cause a crash NULL pointer dereference or, for...

9.8CVSS8.2AI score0.97108EPSS
Exploits4References7
Tenable Nessus
Tenable Nessus
added 2022/01/13 12:0 a.m.37 views

SUSE SLES12: apache2 / apache2-doc / apache2-example-pages / apache2-prefork / etc (SUSE-SU-2022:0065-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0065-1 advisory. - CVE-2021-44224: Fixed NULL dereference or SSRF in forward proxy configurations. bsc1193943 - CVE-2021-44790: Fixed buffer overflo...

9.8CVSS7.5AI score0.97108EPSS
Exploits4References7
OSV
OSV
added 2022/01/10 11:14 a.m.8 views

USN-5212-2 apache2 vulnerabilities

USN-5212-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that the Apache HTTP Server incorrectly handled certain forward proxy requests. A remote attacker could use thi...

9.8CVSS7.3AI score0.97108EPSS
Exploits4References3
OSV
OSV
added 2022/01/06 2:48 p.m.7 views

USN-5212-1 apache2 vulnerabilities

It was discovered that the Apache HTTP Server incorrectly handled certain forward proxy requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly perform a Server Side Request Forgery attack. CVE-2021-44224 It was discovered that...

9.8CVSS7.3AI score0.97108EPSS
Exploits4References3
OSV
OSV
added 2021/12/25 11:3 a.m.4 views

OESA-2021-1473 httpd security update

Apache HTTP Server. Security Fixes: A crafted URI sent to httpd configured as a forward proxy ProxyRequests on can cause a crash NULL pointer dereference or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket...

9.8CVSS7.4AI score0.97108EPSS
Exploits4References3
Microsoft CVE
Microsoft CVE
added 2021/12/23 8:0 a.m.4 views

Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier

...

8.2CVSS8.6AI score0.82295EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2021/12/23 12:0 a.m.3091 views

Apache 2.4.x >= 2.4.7 / < 2.4.52 Forward Proxy DoS / SSRF

The version of Apache httpd installed on the remote host is equal to or greater than 2.4.7 and prior to 2.4.52. It is, therefore, affected by a flaw related to acting as a forward proxy. A crafted URI sent to httpd configured as a forward proxy ProxyRequests on can cause a crash NULL pointer...

9.8CVSS7.8AI score0.97108EPSS
Exploits4References2
OSV
OSV
added 2021/12/21 11:27 p.m.21 views

MGASA-2021-0577 Updated apache packages fix security vulnerabilities

Updated apache packages fix security vulnerabilities: A crafted URI sent to httpd configured as a forward proxy ProxyRequests on can cause a crash NULL pointer dereference or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Uni...

9.8CVSS7.4AI score0.97108EPSS
Exploits4References5
RedhatCVE
RedhatCVE
added 2021/12/21 5:4 p.m.89 views

CVE-2021-44224

There's a null pointer dereference and server-side request forgery flaw in httpd's modproxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the adjacent network to the forward proxy that could cause a crash, or potentially SSRF via misdirected Unix...

8.2CVSS0.7AI score0.82295EPSS
Exploits0References4
Veracode
Veracode
added 2021/12/21 8:11 a.m.56 views

Denial Of Service (DoS)

apache2 is vulnerable to denial of service. An attacker is able to crash the system by sending a maliciously crafted URI sent to httpd configured as a forward proxy ProxyRequests on...

8.2CVSS1.3AI score0.82295EPSS
Exploits0References28Affected Software20
OSV
OSV
added 2021/12/20 12:15 p.m.5 views

ALPINE-CVE-2021-44224

A crafted URI sent to httpd configured as a forward proxy ProxyRequests on can cause a crash NULL pointer dereference or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint Server Side Request Forgery...

8.2CVSS7AI score0.82295EPSS
Exploits0References1
OSV
OSV
added 2021/12/20 12:15 p.m.6 views

AZL-7043 CVE-2021-44224 affecting package httpd for versions less than 2.4.52-1

A crafted URI sent to httpd configured as a forward proxy ProxyRequests on can cause a crash NULL pointer dereference or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint Server Side Request Forgery...

8.2CVSS7AI score0.82295EPSS
Exploits0References1
OSV
OSV
added 2021/12/20 12:15 p.m.2 views

DEBIAN-CVE-2021-44224

A crafted URI sent to httpd configured as a forward proxy ProxyRequests on can cause a crash NULL pointer dereference or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint Server Side Request Forgery...

8.2CVSS7.2AI score0.82295EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/12/20 12:15 p.m.3 views

CVE-2021-44224

A crafted URI sent to httpd configured as a forward proxy ProxyRequests on can cause a crash NULL pointer dereference or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint Server Side Request Forgery...

8.2CVSS7AI score0.82295EPSS
Exploits0References24Affected Software1
Rows per page
Query Builder