Lucene search
K

181 matches found

f5
f5
added 2023/02/21 8:0 p.m.31 views

K43945001: F5 TMM vulnerability CVE-2017-6147

Security Advisory Description An undisclosed type of responses may cause TMM to restart, causing an interruption of service when "SSL Forward Proxy" setting is enabled in both the Client and Server SSL profiles assigned to a BIG-IP Virtual Server. CVE-2017-6147 Impact If the SSL Forward Proxy...

5.9CVSS5.8AI score0.01331EPSS
Exploits0Affected Software10
f5
f5
added 2023/02/21 6:54 p.m.50 views

K91013510: SSL Forward Proxy vulnerability CVE-2022-23016

Security Advisory Description When BIG-IP SSL Forward Proxy with TLS 1.3 is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. CVE-2022-23016 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a...

7.5CVSS7.4AI score0.0092EPSS
Exploits0Affected Software13
f5
f5
added 2023/02/21 6:52 p.m.38 views

K20134942: SSL Forward Proxy vulnerability CVE-2018-5527

Security Advisory Description A remote attacker using undisclosed methods against virtual servers configured with a Client SSL or Server SSL profile that has the SSL Forward Proxy feature enabled can force the Traffic Management Microkernel TMM to leak memory. As a result, system memory usage...

7.8CVSS7.5AI score0.02577EPSS
Exploits0Affected Software13
f5
f5
added 2023/02/21 6:49 p.m.25 views

K73202036: Configuring SSL Forward Proxy and an OCSP stapling profile may allow a connection to a website with a revoked certificate

Security Advisory Description When you have configured the BIG-IP system for SSL Forward Proxy and have also configured an Online Certificate Status Protocol OCSP stapling profile, under certain conditions, the client could connect to a website with a revoked certificate without knowing it, despi...

6.6AI score
Exploits0
f5
f5
added 2023/02/21 6:34 p.m.31 views

K45325728: SSL forward proxy vulnerability CVE-2018-5533

Security Advisory Description Under certain conditions on F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic. CVE-2018-5533 Impact This vulnerability may allow a remote attacker to cause the Traffic Management Microkernel TM...

7.5CVSS7.6AI score0.01782EPSS
Exploits0Affected Software13
f5
f5
added 2023/02/21 6:33 p.m.33 views

K64552448: SSL forward proxy vulnerability CVE-2018-5534

Security Advisory Description Under certain conditions on F5 BIG-IP 13.1.0-13.1.0.5, 13.0.0, 12.1.0-12.1.3.1, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic. CVE-2018-5534 Impact This vulnerability may allow a remote attacker to cause the Traffic...

7.5CVSS7.6AI score0.01782EPSS
Exploits0Affected Software13
susecve
susecve
added 2023/02/15 5:36 a.m.7 views

SUSE CVE-2013-4352

The cacheinvalidate function in modules/cache/cachestorage.c in the modcache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service NULL pointer dereference and daemon crash via vectors that trigger a missing hostna...

4.3CVSS6.8AI score0.11534EPSS
Exploits0References3
susecve
susecve
added 2023/02/15 3:36 a.m.4 views

SUSE CVE-2021-44224

A crafted URI sent to httpd configured as a forward proxy ProxyRequests on can cause a crash NULL pointer dereference or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint Server Side Request Forgery...

7.5CVSS7.5AI score0.82295EPSS
Exploits0References10
openvas
openvas
added 2023/01/09 12:0 a.m.23 views

Debian: Security Advisory (DSA-5311-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.4AI score0.013EPSS
Exploits0References4
redhat
redhat
added 2022/10/26 8:15 p.m.3 views

httpd: possible NULL dereference or SSRF in forward proxy configurations

There's a null pointer dereference and server-side request forgery flaw in httpd's modproxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the adjacent network to the forward proxy that could cause a crash, or potentially SSRF via misdirected Unix...

8.2CVSS7AI score0.82295EPSS
Exploits0References5
redhat
redhat
added 2022/10/26 8:5 p.m.5 views

httpd: possible NULL dereference or SSRF in forward proxy configurations

There's a null pointer dereference and server-side request forgery flaw in httpd's modproxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the adjacent network to the forward proxy that could cause a crash, or potentially SSRF via misdirected Unix...

8.2CVSS7AI score0.82295EPSS
Exploits0References5
redhat
redhat
added 2022/09/29 1:33 p.m.6 views

httpd: possible NULL dereference or SSRF in forward proxy configurations

There's a null pointer dereference and server-side request forgery flaw in httpd's modproxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the adjacent network to the forward proxy that could cause a crash, or potentially SSRF via misdirected Unix...

8.2CVSS7AI score0.82295EPSS
Exploits0References5
euvd
euvd
added 2022/05/13 1:9 a.m.4 views

EUVD-2013-4236

The cacheinvalidate function in modules/cache/cachestorage.c in the modcache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service NULL pointer dereference and daemon crash via vectors that trigger a missing hostna...

4.3CVSS7AI score0.11534EPSS
Exploits0References33
nessus
nessus
added 2022/05/12 12:0 a.m.86 views

AlmaLinux 8 : httpd:2.4 (ALSA-2022:1915)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:1915 advisory. httpd: Request splitting via HTTP/2 method injection and modproxy CVE-2021-33193 httpd: modproxyuwsgi: out-of-bounds read via a crafted request uri-path...

8.2CVSS7.5AI score0.82295EPSS
Exploits1References5
nessus
nessus
added 2022/05/11 12:0 a.m.245 views

RHEL 8 : httpd:2.4 (RHSA-2022:1915)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1915 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Request splittin...

8.2CVSS7.6AI score0.82295EPSS
Exploits1References14
redhat
redhat
added 2022/05/10 2:18 p.m.7 views

httpd: possible NULL dereference or SSRF in forward proxy configurations

There's a null pointer dereference and server-side request forgery flaw in httpd's modproxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the adjacent network to the forward proxy that could cause a crash, or potentially SSRF via misdirected Unix...

8.2CVSS7AI score0.82295EPSS
Exploits0References5
openvas
openvas
added 2022/03/29 12:0 a.m.30 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-1349)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.5AI score0.97108EPSS
Exploits4References2
openvas
openvas
added 2022/03/02 12:0 a.m.23 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-1306)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.5AI score0.97108EPSS
Exploits4References2
openvas
openvas
added 2022/03/02 12:0 a.m.32 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-1290)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.5AI score0.97108EPSS
Exploits4References2
osv
osv
added 2022/02/14 8:17 p.m.7 views

CLSA-2022-1644869841 Fix of CVE: CVE-2021-34798, CVE-2021-39275, CVE-2021-36160, CVE-2021-44224

CVE-2021-44224: possible NULL dereference or SSRF in forward proxy configurations - CVE-2021-39275: out-of-bounds write in apescapequotes via malicious input - CVE-2021-36160: modproxyuwsgi: out-of-bounds read via a crafted request uri-path - CVE-2021-34798: NULL pointer dereference via malformed...

9.8CVSS7.1AI score0.82295EPSS
Exploits0References1
Rows per page
Query Builder