SUSE CVE-2024-38477

null pointer dereference in modproxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

PT-2024-5594 · Apache +6 · Apache Http Server +6

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server version 2.4.60 Description: A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances...

KLA70210 SB vulnerability in Apache HTTP Server

Security bypass vulnerability was found in Apache HTTP Server. Malicious users can exploit this vulnerability to bypass security restrictions. Original advisories Fixed in Apache HTTP Server 2.4.61 Related products Apache-HTTP-Server CVE list CVE-2024-39884 unknown Solution Update to the latest...

CBL Mariner 2.0 Security Update: nodejs / nodejs18 (CVE-2024-22019)

The version of nodejs / nodejs18 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-22019 advisory. - A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP reque...

Apache 2.4.x < 2.4.61

The version of Apache httpd installed on the remote host is prior to 2.4.61. It is, therefore, affected by a vulnerability as referenced in the 2.4.61 advisory. - Apache HTTP Server: source code disclosure with handlers configured via AddType: A regression in the core of Apache HTTP Server 2.4.60...

RLSA-2024:4197 Moderate: httpd:2.4/httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd:2.4: httpd: HTTP response splitting CVE-2023-38709 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

httpd:2.4/httpd security update

An update is available for module.modmd, module.modhttp2, modhttp2, modmd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd packages provide the Apache...

Vulnerabilities fixed in Apache HHTP server

Apache Software Foundation has fixed vulnerabilities in the Apache HTTP Server. A malicious party can exploit the vulnerabilities to cause a denial-of-service, manipulate traffic via Server-Side-Request-Forgery SSRF, or execute code within the Web server, which the malicious party is not initiall...

CVE-2024-38477

A flaw was found in the modproxy module of httpd. A NULL pointer dereference can be triggered when processing a specially crafted HTTP request, causing the httpd server to crash, and resulting in a denial of service. Mitigation Red Hat has investigated whether a possible mitigation exists for thi...

CVE-2024-38474

A flaw was found in the modrewrite module of httpd. Due to a substitution encoding issue, specially crafted requests may allow an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be execut...

CVE-2024-38475

A flaw was found in the modrewrite module of httpd. Improper escaping of output allows an attacker to map URLs to filesystem locations permitted to be served by the server but are not intentionally or directly reachable by any URL. This issue results in code execution or source code disclosure...

CVE-2024-38473

A flaw was found in the modproxy module of httpd. Due to an encoding problem, specially crafted request URLs with incorrect encoding can be sent to backend services, potentially bypassing authentication. Mitigation Mitigation for this issue is either not available or the currently available optio...

CVE-2024-39573

A flaw was found in the modrewrite module of httpd. A potential SSRF allows an attacker to cause unsafe rules used in the RewriteRule directive to unexpectedly set up URLs to be handled by the modproxy module. Mitigation Mitigation for this issue is either not available or the currently available...

DEBIAN-CVE-2024-38477

null pointer dereference in modproxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

CVE-2024-38477

null pointer dereference in modproxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

CVE-2024-39573

Potential SSRF in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by modproxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

ALPINE-CVE-2024-38477

null pointer dereference in modproxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

CVE-2024-39573

Potential SSRF in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by modproxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

ALPINE-CVE-2024-38473

Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

CVE-2024-38473

Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue...