11631 matches found
EulerOS 2.0 SP9 : httpd (EulerOS-SA-2023-3302)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57. CVE-2023-31122 - When a...
The vulnerability of the Reactor Netty HTTP server, related to uncontrolled resource consumption, allows attackers to cause service failures.
The vulnerability of the Reactor Netty HTTP server is related to an uncontrolled resource consumption. Exploiting this vulnerability allows a malicious actor to cause service failures through specially crafted HTTP requests...
CentOS 7 : httpd (RHSA-2023:1593)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1593 advisory. - Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow an HTTP Request Smuggling attack. Configurations are affected when...
Amazon Linux 2 : perl-HTTP-Daemon (ALAS-2024-2405)
The version of perl-HTTP-Daemon installed on the remote host is prior to 6.01-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2405 advisory. HTTP::Daemon is a simple HTTP server class written in Perl. Versions prior to 6.15 are subject to a vulnerability which cou...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-1061)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-1085)
The remote host is missing an update for the Huawei EulerOS...
Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2024-472)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-472 advisory. This flaw allows a malicious HTTP server to set super cookies in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies tha...
CVE-2024-22087
route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow via a long URI, leading to remote code execution...
Stack overflow
route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow via a long URI, leading to remote code execution...
cherry Security breach
cherry is an HTTP server for Chee Personal Developers. A security vulnerability exists in cherry, which stems from a stack buffer overflow in the handle_request function in http.c, leading to remote code execution...
CVE-2024-22087
CVE-2024-22087 affects the Pico HTTP Server in C. A stack-based buffer overflow in the route() function (main.c, revision f3b69a6) is caused by logging/processing a long URI via sprintf, leading to remote code execution. Documents consistently describe the vulnerability and impact but do not prov...
Apache 2.4.55 mod_proxy HTTP Request Smuggling Exploit
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow for an HTTP request smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...
Design/Logic Flaw
Phlox com.phlox.simpleserver.plus aka Simple HTTP Server PLUS 1.8.1-plus has an Android manifest file that contains an entry with the android:allowBackup attribute set to true. This could be leveraged by an attacker with physical access to the device...
CVE-2023-46919
Phlox com.phlox.simpleserver aka Simple HTTP Server 1.8 and com.phlox.simpleserver.plus aka Simple HTTP Server PLUS 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K AES encryption key. An attacker with physical access to the application's source code or binary can extract this key & use it...
Hardcoded credentials
Phlox com.phlox.simpleserver aka Simple HTTP Server 1.8 and com.phlox.simpleserver.plus aka Simple HTTP Server PLUS 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K encryption key. The threat is from a man-in-the-middle attacker who can intercept and potentially modify data during transmissio...
CVE-2023-46918
Phlox com.phlox.simpleserver.plus aka Simple HTTP Server PLUS 1.8.1-plus has an Android manifest file that contains an entry with the android:allowBackup attribute set to true. This could be leveraged by an attacker with physical access to the device...