Exploit for Out-of-bounds Write in Haxx Libcurl

CVE-2023-38545: Curl Vulnerability Proof of Concept This repos...

Security Bulletin: Multiple Security vulnerabilities in IBM Java in FileNet Content Manager

Summary Multiple Security vulnerabilities in IBM Java in FileNet Content Manager, affected, not vulnerable Vulnerability Details CVEID:CVE-2022-21628 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by a flaw in the Lightweight HTTP Server. By sending a specially-crafted request,...

CVE-2023-35055

A buffer overflow vulnerability exists in the httpd nextpage functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the nextpage parameter in the...

Exploit for Race Condition in Microsoft

CVE-2023-36884: MS Office HTML RCE with crafted documents On...

USN-6399-1: Puma vulnerability

It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTTP request Smuggling attack...

Amazon Linux 2 : ruby (ALASRUBY2.6-2023-006)

The version of ruby installed on the remote host is prior to 2.6.7-126. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2RUBY2.6-2023-006 advisory. An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP...

Rocky Linux 8 : httpd:2.4 (RLSA-2023:5050)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:5050 advisory. - HTTP Response Smuggling vulnerability in Apache HTTP Server via modproxyuwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special...

AlmaLinux 8 : httpd:2.4 (ALSA-2023:5050)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:5050 advisory. httpd: modproxyuwsgi HTTP response splitting CVE-2023-27522 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. No...

Oracle Linux 8 : httpd:2.4 (ELSA-2023-5050)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5050 advisory. - Resolves: 2176723 - CVE-2023-27522 httpd:2.4/httpd: modproxyuwsgi HTTP response splitting - Resolves: 2190133 - modrewrite regression with CVE-2023-25690 -...

httpd: mod_proxy_uwsgi HTTP response splitting

An HTTP Response Smuggling vulnerability was found in the Apache HTTP Server via modproxyuwsgi. This security issue occurs when special characters in the origin response header can truncate or split the response forwarded to the client...

CentOS 8 : httpd:2.4 (CESA-2023:5050)

The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2023:5050 advisory. - HTTP Response Smuggling vulnerability in Apache HTTP Server via modproxyuwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special...

CVE-2014-5329

GIGAPOD file servers Appliance model and Software model provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation. 8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests CVE-2011-3192, which may lead to ...

Race condition

GIGAPOD file servers Appliance model and Software model provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation. 8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests CVE-2011-3192, which may lead to ...

CVE-2014-5329

CVE-2014-5329 leverages a flaw in Apache HTTP Server (CVE-2011-3192) on the 8001/tcp admin interface. The root cause is improper handling of Range headers, enabling a DoS condition. Public sightings reference an Apache Range DoS (e.g., Metasploit module) and multiple advisories (CentOS/CESA, Amaz...

CVE-2014-5329

GIGAPOD file servers Appliance model and Software model provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation. 8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests CVE-2011-3192, which may lead to ...

Oracle Linux 7 : httpd (ELSA-2019-2343)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2343 advisory. - replace index.html with Oracles index page oracleindex.html Resolves: 1566317 - CVE-2018-1312 httpd: Weak Digest auth nonce generation in modauthdige...

Oracle Linux 7 : httpd (ELSA-2020-1121)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1121 advisory. - Resolves: 1677496 - CVE-2018-17199 httpd: modsessioncookie does not respect expiry time - Resolves: 1565465 - CVE-2017-15710 httpd: Out of bound writ...

Oracle Linux 6 : httpd24-httpd (ELSA-2014-1972)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1972 advisory. - Remove modproxyfcgi fix for heap-based buffer overflow, httpd-2.4.6 is not affected CVE-2014-3583 - core: fix bypassing of modheaders rules via chunk...

Oracle Linux 6 : httpd (ELSA-2015-1249)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2015-1249 advisory. - core: fix bypassing of modheaders rules via chunked requests CVE-2013-5704 Tenable has extracted the preceding description block directly from the Oracle Linu...

Oracle Linux 7 : httpd (ELSA-2020-3958)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-3958 advisory. - Resolves: 1823262 - CVE-2020-1934 httpd: modproxyftp use of uninitialized value - Resolves: 1565491 - CVE-2017-15715 httpd: bypass with a trailing...