11629 matches found
AZL-43427 CVE-2024-40725 affecting package httpd for versions less than 2.4.62-1
A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local...
CVE-2024-40725
A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local...
CVE-2024-40725 Apache HTTP Server: source code disclosure with handlers configured via AddType
A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local...
CVE-2024-40725 Apache HTTP Server: source code disclosure with handlers configured via AddType
A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local...
CVE-2024-40725
CVE-2024-40725 affects Apache HTTP Server core (httpd) and arises from a partial fix for CVE-2024-39884 in 2.4.61 that can leak local content when legacy content-type based configuration (AddType and similar) is used, potentially serving PHP scripts as source code under indirect requests. The iss...
CVE-2024-40725
A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local...
CVE-2024-40725
A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local...
CVE-2024-40898 Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows
SSRF in Apache HTTP Server on Windows with modrewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue...
CVE-2024-40898
The CVE-2024-40898 entry describes an SSRF vulnerability in Apache HTTP Server on Windows when using mod_rewrite in the server/vhost context. The issue can allow leaking NTLM hashes to a malicious server via crafted requests. Affected software is Apache HTTP Server; the remediation is to upgrade ...
CVE-2024-40898 Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows
SSRF in Apache HTTP Server on Windows with modrewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue...
CVE-2024-40898
SSRF in Apache HTTP Server on Windows with modrewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue...
PT-2025-29113
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions prior to 2.4.64 Description: An issue exists in the core of Apache HTTP Server that allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server to split t...
Apache HTTP Server 2.4.60 - 2.4.61 Information Disclosure Vulnerability - Windows
Apache HTTP Server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Apache HTTP Server 2.4.60 - 2.4.61 Information Disclosure Vulnerability - Linux
Apache HTTP Server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Apache HTTP Server 2.4.0 - 2.4.61 SSRF Vulnerability - Windows
Apache HTTP Server is prone to a server-side request forgery SSRF vulnerability with modrewrite in server/vhost context. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : Apache HTTP Server vulnerability (USN-6902-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6902-1 advisory. It was discovered that the Apache HTTP Server incorrectly handled certain handlers configured via AddType. A remote attacker could possibl...
KLA70466 Multiple vulnerabilities in Apache HTTP Server
Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to bypass security restrictions. Below is a complete list of vulnerabilities: 1. Security vulnerability in SSRF can be exploited to bypass security restrictions. 2. Security vulnerability ...
Apache 2.4.60 < 2.4.62 Multiple Vulnerabilities
The version of Apache httpd installed on the remote host is prior to 2.4.62. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.62 advisory. - A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based...
PT-2024-4844
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions prior to 2.4.62 Description: The issue is related to a Server-side Request Forgery SSRF vulnerability in the mod rewrite module of the Apache HTTP Server on Windows. This vulnerability can be exploited by a remote...
Apache httpd -- Source code disclosure with handlers configured via AddType
The Apache httpd project reports: source code disclosure with handlers configured via AddType CVE-2024-40725 Important: A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar...