11634 matches found
Apache HTTP Server Environment Issue Vulnerability
Apache HTTP Server is an open source web server from the Apache Foundation. Apache HTTP Server is vulnerable to an environmental issue that results from Apache HTTP Server's inability to close inbound connections when dropping the body of a request, leading to request smuggling. The vulnerability...
PT-2022-1925 · Apache +10 · Apache Http Server +10
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server 2.4 versions 2.4.52 and prior versions Description: The issue is related to an out-of-bounds write vulnerability in the mod_sed module of Apache HTTP Server. This vulnerability allows an attacker to overwrite heap memory wi...
Apache Httpd < 2.4.53 : mod_sed: Read/write beyond bounds
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions...
Apache Httpd < 2.4.53 : mod_lua Use of uninitialized value of in r:parsebody
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier...
Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports: mod_lua: Use of uninitialized value of in r:parsebody moderate CVE-2022-22719 A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. HTTP request smuggling vulnerability important CVE-2022-22720 httpd fails...
Apache HTTP Server <= 2.4.52 Multiple Vulnerabilities - Linux
Apache HTTP Server is prone to multiple vulnerabilities. Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...
Apache HTTP Server <= 2.4.52 Multiple Vulnerabilities - Windows
Apache HTTP Server is prone to multiple vulnerabilities. Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-41773 Apache2 2.4.49 - LFI & RCE Exploit Info...
AlmaLinux 8 : httpd:2.4 (ALSA-2021:4257)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:4257 advisory. httpd: mod_session: NULL pointer dereference when parsing Cookie header CVE-2021-26690 httpd: Unexpected URL matching with 'MergeSlashes OFF' CVE-2021-3064...
AlmaLinux 8 : httpd:2.4 (ALSA-2021:3816)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:3816 advisory. httpd: mod_proxy: SSRF via a crafted request uri-path containing unix: CVE-2021-40438 httpd: mod_session: Heap overflow via a crafted SessionHeader value...
AlmaLinux 8 : httpd:2.4 (ALSA-2022:0258)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:0258 advisory. httpd: mod_lua: Possible buffer overflow when parsing multipart content CVE-2021-44790 Tenable has extracted the preceding description block directly from the...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server Shipped With IBM WebSphere Application Server Patterns
Summary IBM HTTP Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...
CVE-2021-3733
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as web browser connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sen...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-41773 Description This script exploits CVE-2021-...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-42013 Description This script exploits CVE-2021-...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server
Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM HTTP Server has been published in a security bulletin CVE-2022-25313, CVE-2022-25315, CVE-2022-25235, and CVE-2022-25236. Vulnerability Details Refer to the security...
PSF-2022-6 CVE-2021-3733: ReDoS in urllib.request
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as web browser connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sen...
Apache APISIX Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'APISIX Admin API default access token RCE', 'Description' = %q Apache APISIX has a default, built-in API token edd1c9f034335f136f87ad84b625c8f1...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM HTTP Server shipped with WebSphere Remote Server
Summary IBM HTTP Server is shipped with WebSphere Remote Server. Information about security vulnerabilities affecting IBM HTTP Server has been published in a security bulletin CVE-2021-45960, CVE-2022-22822, CVE-2022-23990, CVE-2022-22823, CVE-2022-23852, CVE-2022-22825, CVE-2021-46143,...
CVE-2021-3737
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability...