PT-2022-3349
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.53 and earlier. Description: The issue is related to the r:wsread() function in the mod_lua module of the Apache HTTP Server, which may return lengths that point past the end of the allocated buffer storage. This...
PT-2022-3372
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.53 and earlier. Description: The issue is related to the mod_proxy module in Apache HTTP Server, which may not properly handle X-Forwarded-* headers based on the client-side Connection header hop-by-hop mechanism...
PT-2022-3344
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.53 and earlier. Description: The issue is related to a buffer overflow condition in the mod_isapi module of the Apache HTTP Server. Exploitation of this issue may allow a remote attacker to cause a denial of...
Apache 2.4.x < 2.4.54 Multiple Vulnerabilities
The version of Apache httpd installed on the remote host is prior to 2.4.54. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.54 advisory. - Read beyond bounds via ap_rwrite(): The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if...
KLA12554 Multiple vulnerabilities in Apache HTTP Server
Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, and obtain sensitive information. Below is a complete list of vulnerabilities: 1. Out of bounds read vulnerability in ap_rwrite can be...
PT-2022-3376
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server version 2.4.53. Description: The issue is related to the mod_sed module in Apache HTTP Server, which may make excessively large memory allocations when configured to do transformations in contexts where the input to mod_sed...
Apache HTTP Server Input Validation Error Vulnerability
Apache HTTP Server is an open source web server from the Apache Foundation in the United States. The server is fast, reliable and can be extended through a simple API. An input validation error vulnerability exists in Apache HTTP Server version 2.4.53 and earlier, which stems from a failure to...
Apache HTTP Server Security Vulnerability
Apache HTTP Server is an open source web server from the Apache Foundation. Apache HTTP Server is vulnerable to an information disclosure vulnerability that could be exploited by attackers to obtain sensitive information...
Apache Httpd < 2.4.54 : mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application...
Apache Httpd < 2.4.54 : mod_proxy_ajp: Possible request smuggling
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.53 and prior versions...
Apache Httpd < 2.4.54 : Denial of service in mod_lua r:parsebody
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a Lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size...
Apache Httpd < 2.4.54 : read beyond bounds in mod_isapi
Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module...
Apache Httpd < 2.4.54 : read beyond bounds via ap_rwrite()
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_lua's r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use t...
Apache Httpd < 2.4.54 : mod_sed denial of service
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort...
Apache Httpd < 2.4.54 : Information Disclosure in mod_lua with websockets
Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer...
Apache Httpd < 2.4.54 : Read beyond bounds in ap_strcmp_match()
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or Lua scripts that use...
PT-2022-3377
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.53 and earlier. Description: The issue is related to a read beyond bounds in the ap_strcmp_match() function when provided with an extremely large input buffer. This can cause the server to crash or disclose...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-41773 CVE-2021-41773 According to The National Vulne...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-1790)
The remote host is missing an update for the Huawei EulerOS...