11629 matches found
CVE-2025-21498
Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Core. The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of...
CVE-2024-45687
CVE-2024-45687 involves Improper Neutralization of CRLF Sequences in HTTP Headers in Payara Server and Payara Micro (Grizzly, REST Management Interface modules). Affected products/versions include Payara Server 4.1.151–4.1.2.191.51; 5.20.0–5.70.0; 5.2020.2–5.2022.5; 6.2022.1–6.2024.12; 6.0.0–6.21...
CVE-2024-45687 HTTP Server incorrectly accepting disallowed characters within header values
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in Payara Platform Payara Server Grizzly, REST Management Interface modules, Payara Platform Payara Micro Grizzly modules allows Manipulating State, Identity Spoofing. This issue affects Payar...
Oracle Fusion Middleware Security Vulnerability
Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle USA. The platform provides middleware, software collections, and other capabilities. HTTP Server is one of the HTTP server components. A security...
EulerOS 2.0 SP8 : httpd (EulerOS-SA-2025-1122)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of...
ROS-20250117-03
Vulnerability in mod_proxy module of Apache HTTP Server is related to incorrect writing of null pointer. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted request Apache HTTP Server WebSocket protocol...
BIT-PYTHON-MIN-2020-8492
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking...
EulerOS 2.0 SP9 : httpd (EulerOS-SA-2025-1039)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of...
EulerOS 2.0 SP9 : httpd (EulerOS-SA-2025-1056)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2025-1006)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2025-1039)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
EulerOS 2.0 SP10 : httpd (EulerOS-SA-2025-1023)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of...
EulerOS 2.0 SP10 : httpd (EulerOS-SA-2025-1006)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of...
Exploit for Path Traversal in Mitel Micollab
CVE-2024-41713 Scanner This repository contains a Python scri...
Exploit for Path Traversal in Apache Http_Server
masscve-2021-41773 MASS CVE-2021-41773 Screenshot...
Exploit for Exposure of Resource to Wrong Sphere in Apache Http_Server
HTTP Request Smuggling Detection Tool This repository contain...
BIT-NODE-MIN-2024-27982
The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in ...
Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2023-38709) affects Power HMC.
Summary The Apache HTTP Server library is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2023-38709 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP response splitting attacks, caused by improper input validation in the...
Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2023-45802) affects Power HMC.
Summary The Apache HTTP Server library is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2023-45802 DESCRIPTION: When a HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request's memory resources...
EulerOS 2.0 SP11 : httpd (EulerOS-SA-2024-2982)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of...