11632 matches found
reactor-netty-http: Log request headers in some cases of invalid HTTP requests
A flaw was found in the Reactor Netty HTTP Server, which may log request headers in some cases of invalid HTTP requests. This could allow an attacker to access privileged information when WARN level logging is enabled...
httpd: mod_sed: DoS vulnerability
A flaw was found in the modsed module of httpd. A very large input to the modsed module can result in a denial of service due to excessively large memory allocations...
Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update
An update is now available for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism
A flaw was found in the modproxy module of httpd. The server may remove the X-Forwarded- headers from a request based on the client-side Connection header hop-by-hop mechanism...
Moderate: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update
An update is now available for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1 on Red Hat Enterprise Linux versions 7 and 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which...
SUSE SLES15 Security Update : buildah (SUSE-SU-2022:4349-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4349-1 advisory. - A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building ...
EulerOS 2.0 SP8 : curl (EulerOS-SA-2022-2790)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - When curl is used to retrieve and parse cookies from a HTTPS server, itaccepts cookies using control codes that when later are sent back to a...
RHEL 7 / 8 : Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 (RHSA-2022:8840)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8840 advisory. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP...
OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Lightweight HTTP Server. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0...
Security Bulletin: IBM Security SiteProtector System is affected by multiple Apache HTTP Server Vulnerabilities
Summary Apache HTTP Server provides HTTP services for SiteProtector. IBM Security SiteProtector System has addressed the following vulnerabilities in an express update CVE-2022-43680, CVE-2017-9233, CVE-2013-0340 : Vulnerability Details CVEID:CVE-2022-43680 DESCRIPTION: libexpat is vulnerable to ...
Exploit for Path Traversal in Apache Http_Server
Exploit for Apache2 Exploit for path transversal vulnerabilit...
CVE-2022-35507
A response-header CRLF injection vulnerability in the Proxmox Virtual Environment PVE and Proxmox Mail Gateway PMG web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers...
Proxmox pve-http-server 代码问题漏洞
pve-http-server is an open source virtualization environment library from Proxmox. A security vulnerability exists in Proxmox pve-http-server, which stems from an SSRF vulnerability when proxying HTTP requests between pvepmgproxy and pvepmgdaemon, where an attacker with an unprivileged account ca...
PT-2022-22874 · Proxmox +1 · Pve-Http-Server +3
Name of the Vulnerable Software and Affected Versions: Proxmox Virtual Environment versions prior to pve-http-server 4.1-3 Proxmox Mail Gateway versions prior to pve-http-server 4.1-3 Description: A response-header CRLF injection vulnerability in the web interface allows a remote attacker to set...
CVE-2022-35507
A response-header CRLF injection vulnerability in the Proxmox Virtual Environment PVE and Proxmox Mail Gateway PMG web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers...
Security Bulletin: Multiple vulnerabilities have been identified in IBM HTTP Server used by IBM Rational ClearQuest (CVE-2022-43680, CVE-2013-0340, CVE-2017-9233)
Summary IBM HTTP Server IHS is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting IHS have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...
static-dev-server directory traversal vulnerability
static-dev-server is a simple http server for serving static resource files from a local directory and automatically reloading them when they change. A directory traversal vulnerability exists in all versions of npm static-dev-server, which stems from a lack of validity checking of paths when...
Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM Rational ClearCase [CVE-2022-40674]
Summary IBM HTTP Server IHS is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. CVE-2022-40674 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affecte...
Security Bulletin: A vulnerability has been identified in IBM HTTP Server used by IBM Rational ClearQuest (CVE-2022-40674)
Summary IBM HTTP Server IHS is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting IHS have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...
Security Bulletin: IBM HTTP Server is vulnerable to denial of service due to libexpat (CVE-2022-43680, CVE-2013-0340, CVE-2017-9233)
Summary IBM HTTP Server used by IBM WebSphere Application Server is vulnerable to denial of service due to libexpat. This has been addressed. Vulnerability Details CVEID:CVE-2022-43680 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by a use-after free created by overeager...