
11631 matches found

IBM Security Bulletins
added 2023/06/28 10:14 p.m. | 54 views

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server, a component of IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Netcool Configuration Manager (CVE-2019-0211, CVE-2019-0220)

Summary IBM WebSphere Application Server is shipped with IBM Tivoli Netcool Configuration Manager version 6.4.1; IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM HTTP Server,...

7.8 CVSS | 7.2 AI score | 0.65005 EPSS
Exploits: 8 | Affected Software: 1
IBM Security Bulletins
added 2023/06/28 10:3 p.m. | 60 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager (CVE-2017-15710, CVE-2017-15715, CVE-2018-1301).

Summary IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager IP Edition versions 3.9 and 4.1.1; IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager IP Edition version 4.2. Information about a security vulnerability affecting IBM HTTP Server...

8.1 CVSS | 7.4 AI score | 0.86006 EPSS
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2023/06/28 10:3 p.m. | 27 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Network Manager IP Edition (CVE-2017-12613).

Summary IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager IP Edition versions 3.9 and 4.1.1; IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager IP Edition version 4.2. Information about a security vulnerability affecting IBM HTTP Server...

7.1 CVSS | 7.1 AI score | 0.01749 EPSS
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2023/06/28 10:2 p.m. | 67 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Network Manager IP Edition.

Summary IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager IP Edition versions 3.9 and 4.1.1; IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager IP Edition version 4.2. Information about a security vulnerability affecting IBM HTTP Server...

7.5 CVSS | 6.5 AI score | 0.94999 EPSS
Exploits: 12 | Affected Software: 1
OpenVAS
added 2023/06/27 12:0 a.m. | 10 views

Cesanta Mongoose Web Server < 7.10 Improper Input Validation Vulnerability

Cesanta Mongoose Web Server is prone to an improper input validation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5 CVSS | 7.5 AI score | 0.00815 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2023/06/26 12:0 a.m. | 9 views

PT-2023-9025

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions through 2.4.58 Description The issue is related to faulty input validation in the core of Apache, allowing malicious or exploitable backend/content generators to split HTTP responses. This can be exploited by a remo...

7.3 CVSS | 7.7 AI score | 0.03914 EPSS
Exploits: 0 | References: 123
OSV
added 2023/06/24 6:53 p.m. | 34 views

RLSA-2023:3147 Important: apr-util security update

The Apache Portable Runtime APR is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Security Fixes: apr-util:...

6.5 CVSS | 7.2 AI score | 0.01417 EPSS
Exploits: 0 | References: 2
NVD
added 2023/06/23 8:15 p.m. | 9 views

CVE-2023-34188

The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other requests...

7.5 CVSS | 7.5 AI score | 0.00815 EPSS
Exploits: 0 | References: 5
CVE
added 2023/06/23 12:0 a.m. | 84 views

CVE-2023-34188

CVE-2023-34188 affects the Mongoose HTTP server prior to 7.10. The issue arises when the server processes requests with negative Content-Length headers, causing an infinite loop as the payload is reparsed and preventing handling of other requests. Remediation is to upgrade to 7.10 or later (as ci...

7.5 CVSS | 7.4 AI score | 0.00815 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
Cvelist
added 2023/06/23 12:0 a.m. | 19 views

CVE-2023-34188

The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other requests...

7.6 AI score | 0.00815 EPSS
Exploits: 0 | References: 4
Debian CVE
added 2023/06/23 12:0 a.m. | 11 views

CVE-2023-34188

The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other requests...

7.5 CVSS | 7.4 AI score | 0.00815 EPSS
Exploits: 0
Vulnrichment
added 2023/06/23 12:0 a.m. | 11 views

CVE-2023-34188

The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other requests...

7.5 AI score | 0.00815 EPSS
Exploits: 0 | References: 4
IBM Security Bulletins
added 2023/06/20 9:38 a.m. | 144 views

Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2023-25690) affects Power HMC

Summary Apache HTTP Server is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2023-25690 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request splitting attacks, caused by an error when mod_proxy is enabled along with...

9.8 CVSS | 9.3 AI score | 0.8377 EPSS
Exploits: 5 | Affected Software: 2
IBM Security Bulletins
added 2023/06/20 9:31 a.m. | 73 views

Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2022-36760 and CVE-2022-37436) affects Power HMC

Summary Apache HTTP Server is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2022-36760 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request smuggling, caused by an inconsistent interpretation of HTTP Requests...

9 CVSS | 7.3 AI score | 0.57941 EPSS
Exploits: 0 | Affected Software: 1
Metasploit
added 2023/06/15 7:50 p.m. | 218 views

HTTP Fetch, Linux Command Shell, Bind TCP Random Port Inline

Fetch and execute a x86 payload from an HTTP server. Listen for a connection in a random port and spawn a command shell. Use nmap to discover the open port: 'nmap -sS target -p-'. Module Options msf use payload/cmd/linux/http/x86/shellbindtcprandomport msf payloadshellbindtcprandomport show actio...

7.3 AI score
Exploits: 0
Metasploit
added 2023/06/15 7:50 p.m. | 215 views

HTTP Fetch, Linux Command Shell, Reverse TCP Inline (IPv6)

Fetch and execute a x86 payload from an HTTP server. Connect back to attacker and spawn a command shell over IPv6 Module Options msf use payload/cmd/linux/http/x86/shellreversetcpipv6 msf payloadshellreversetcpipv6 show actions ...actions... msf payloadshellreversetcpipv6 set ACTION msf...

7.3 AI score
Exploits: 0
Metasploit
added 2023/06/15 7:50 p.m. | 248 views

HTTP Fetch, Linux Command Shell, Bind IPv6 TCP Stager (Linux x86)

Fetch and execute a x86 payload from an HTTP server. Spawn a command shell staged. Listen for an IPv6 connection Linux x86 Module Options msf use payload/cmd/linux/http/x86/shell/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION msf payloadbindipv6tcp...

7.4 AI score
Exploits: 0
Metasploit
added 2023/06/15 7:50 p.m. | 159 views

HTTP Fetch, Reverse TCP Stager

Fetch and execute a x86 payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/linux/http/x86/meterpreter/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf payloadreversetcpuuid show options ...show a...

7.2 AI score
Exploits: 0
Metasploit
added 2023/06/15 7:50 p.m. | 230 views

HTTP Fetch, Linux Command Shell, Bind IPv6 TCP Stager with UUID Support (Linux x86)

Fetch and execute a x86 payload from an HTTP server. Spawn a command shell staged. Listen for an IPv6 connection with UUID Support Linux x86 Module Options msf use payload/cmd/linux/http/x86/shell/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid set...

7.4 AI score
Exploits: 0
Metasploit
added 2023/06/15 7:50 p.m. | 168 views

HTTP Fetch, Linux Command Shell, Find Tag Inline

Fetch and execute a x86 payload from an HTTP server. Spawn a shell on an established connection proxy/NAT safe Module Options msf use payload/cmd/linux/http/x86/shellfindtag msf payloadshellfindtag show actions ...actions... msf payloadshellfindtag set ACTION msf payloadshellfindtag show options...

7.3 AI score
Exploits: 0