CVE-2022-37436

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client...

CVE-2022-37436

CVE-2022-37436 affects Apache HTTP Server in versions prior to 2.4.55. The issue allows a malicious backend to truncate response headers early, causing some headers to be incorporated into the response body and preventing the later headers from being interpreted by the client. Affected products i...

CVE-2022-37436

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client...

CVE-2022-36760 Apache HTTP Server: mod_proxy_ajp Possible request smuggling

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions...

CVE-2022-36760

CVE-2022-36760 affects Apache HTTP Server mod_proxy_ajp, enabling HTTP Request Smuggling by an attacker to forward requests to the AJP backend. Public docs confirm impact on Apache httpd 2.4.54 and earlier; remediation is to upgrade to a fixed release (e.g., httpd 2.4.55+ as referenced by advisor...

CVE-2022-36760 Apache HTTP Server: mod_proxy_ajp Possible request smuggling

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions...

CVE-2022-36760

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions...

CVE-2022-36760

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions...

CVE-2006-20001

CVE-2006-20001 affects Apache HTTP Server 2.4.54 and earlier. The issue is triggered by a crafted If: header that can read memory or write a single zero byte in heap memory beyond the header value, potentially crashing the process. Industry advisories confirm the vulnerability in Apache httpd and...

CVE-2006-20001 Apache HTTP Server: mod_dav out of bounds read, or write of zero byte

A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier...

CVE-2006-20001 Apache HTTP Server: mod_dav out of bounds read, or write of zero byte

A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier...

CVE-2006-20001

A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier...

CVE-2006-20001

A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier...

Apache HTTP Server 环境问题漏洞

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An Http request smuggling vulnerability exists in Apache HTTP Server versions 2.4.0 through 2.4.55 and earlier, which stems from a...

KLA20167 Multiple vulnerabilities in Apache HTTP Server

Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Out of bounds read vulnerability in moddav can be exploited to cause denial of...

Apache HTTP Server 注入漏洞

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A CLRF injection vulnerability exists in Apache HTTP Server versions prior to 2.4.55. The vulnerability stems from a Web applicati...

OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Lightweight HTTP Server. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0...

EulerOS Virtualization 2.10.0 : curl (EulerOS-SA-2023-1164)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - When curl is used to retrieve and parse cookies from a HTTPS server, itaccepts cookies using control codes that when later are sent...

PT-2023-5866

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.4.57 Bamboo Data Center and Server versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.1, and 9.3.0 F5 NGINX products affected versions not specified gRPC-Go versions prior to 1.56.3, 1.57.1, and 1.58.3 IBM HTTP...

Vulnerability Spotlight: Asus router access, information disclosure, denial of service vulnerabilities discovered

Lilith of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered three vulnerabilities in Asus router software. The Asus RT-AX82U router is one of the newer Wi-Fi 6 802.11ax-enabled routers that also supports mesh networking with other Asus routers. Like other routers, it i...