11634 matches found
Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Apache HTTP Server version used in it. (CVE-2021-44224)
Summary IBM Rational Build Forge version 8.0.x is affected by CVE-2021-44224 Vulnerability Details CVEID: CVE-2021-44224 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service or server-side request forgery. By sending a specially crafted URI to httpd configured as a forward proxy, ...
Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Apache HTTP Server version used in it. (CVE-2021-39275)
Summary IBM Rational Build Forge version 8.0.x is affected by CVE-2021-39275 Vulnerability Details CVEID: CVE-2021-39275 DESCRIPTION: Apache HTTP Server is vulnerable to a buffer overflow, caused by improper bounds checking by the ap_escape_quotes function. By sending specially crafted input, a...
Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Apache HTTP Server version used in it. (CVE-2021-33193)
Summary IBM Rational Build Forge version 8.0.x is affected by CVE-2021-33193 Vulnerability Details CVEID: CVE-2021-33193 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request splitting attacks, caused by improper input validation in HTTP/2 message processing. A remote attacker could explo...
Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Apache HTTP Server version used in it. (CVE-2021-36160)
Summary IBM Rational Build Forge version 8.0.x is affected by CVE-2021-36160 Vulnerability Details CVEID: CVE-2021-36160 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by an out-of-bounds read in mod_proxy_uwsgi. By sending a specially crafted request uri-path, a remote...
Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Apache HTTP Server version used in it. (CVE-2021-40438)
Summary IBM Rational Build Forge version 8.0.x is affected by CVE-2021-40438 Vulnerability Details CVEID: CVE-2021-40438 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by an error in mod_proxy. By sending a specially crafted request uri-path, a remote attacker...
Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Apache HTTP Server version used in it. (CVE-2021-34798)
Summary IBM Rational Build Forge version 8.0.x is affected by CVE-2021-34798 Vulnerability Details CVEID: CVE-2021-34798 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by a NULL pointer dereference in httpd core. By sending a specially crafted request, a remote...
HTTP Protocol Stack Denial Of Service / Remote Code Execution Exploit
!/usr/bin/python Author @nu11secur1ty CVE-2022-21907 from colorama import init, Fore, Back, Style initconvert=True import requests import time printFore.RED +"Please input your host...\n" printStyle.RESETALL printFore.YELLOW host = input printStyle.RESETALL printFore.BLUE +"Sending an especially...
PT-2022-6219 · Apache +10 · Apache Http Server +10
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions prior to 2.4.55 Description: The issue is related to the mod_proxy module in Apache HTTP Server, where it fails to properly handle CRLF sequences in HTTP headers. This can be exploited by a remote attacker to perfo...
Log4Shell HTTP Header Injection Exploit
This Metasploit module will exploit an HTTP end point with the Log4Shell vulnerability by injecting a format message that will trigger an LDAP connection to Metasploit and load a payload. The Automatic target delivers a Java payload using remote class loading. This requires Metasploit to run an...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server
Summary There are multiple vulnerabilities in the IBM HTTP Server used by IBM WebSphere Application Server. This has been addressed. IBM HTTP Server is affected by CVE-2021-44224 for IBM HTTP Server configurations with "ProxyRequests ON" in the IBM HTTP Server configuration file httpd.conf by...
USN-5212-2: Apache HTTP Server vulnerabilities
USN-5212-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that the Apache HTTP Server incorrectly handled certain forward proxy requests. A remote attacker could use thi...
Apache HTTP Server mod_md Denial of Service Vulnerability
Apache HTTP Server is an open source web server from the Apache Software Foundation (United States). The server is fast, reliable and can be extended through a simple API. A security vulnerability exists in Apache HTTP Server version 2.4.33. An attacker can exploit this vulnerability by sending ...
Ubuntu 16.04 ESM : Apache HTTP Server vulnerabilities (USN-5212-2)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5212-2 advisory. USN-5212-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tenable has...
Ubuntu: Security Advisory (USN-5212-1)
The remote host is missing an update for the ...
Tenable SecurityCenter < 5.20.0 Multiple Vulnerabilities (TNS-2022-01)
According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is less than 5.20.0 and is therefore affected by multiple vulnerabilities: - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer...
USN-5212-1: Apache HTTP Server vulnerabilities
It was discovered that the Apache HTTP Server incorrectly handled certain forward proxy requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly perform a Server Side Request Forgery attack. CVE-2021-44224 It was discovered that...
Ubuntu 18.04 LTS / 20.04 LTS : Apache HTTP Server vulnerabilities (USN-5212-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5212-1 advisory. It was discovered that the Apache HTTP Server incorrectly handled certain forward proxy requests. A remote attacker could use this issue to...
EulerOS Virtualization 3.0.2.6 : httpd (EulerOS-SA-2021-2878)
According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - Apache HTTP Server versions 2.4.0 to 2.4.46: A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is...
Path Traversal in http-server-node
All versions of package http-server-node are vulnerable to Directory Traversal via use of --path-as-is...
GHSA-HJ3M-V758-JWX5 Path Traversal in http-server-node
All versions of package http-server-node are vulnerable to Directory Traversal via use of --path-as-is...