[SECURITY] Fedora 33 Update: httpd-2.4.51-1.fc33

The Apache HTTP Server is a powerful, efficient, and extensible web server...

Exploit for Path Traversal in Apache Http_Server

CVE-2021-41773 🐛 Path traversal and file disclosure vulnera...

Exploit for Path Traversal in Apache Http_Server

Apache HTTPD Path Traversal Checker 0x00 Overview On Octo...

Exploit for Path Traversal in Apache Http_Server

CVE-2021-42013 Introduction It was found that the fix for C...

Important: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat...

Oracle Linux 8 : httpd:2.4 (ELSA-2021-3816)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-3816 advisory. - Resolves: 2007234 - CVE-2021-40438 httpd:2.4/httpd: modproxy: SSRF via a crafted request uri-path Tenable has extracted the preceding description blo...

CVE-2019-14888

A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service DOS to make the service unavailable on SSL. Mitigation Enable HTTP2 enable-http2="true" in the undertows HTTPS settings...

Apache HTTP Server 2.4.50 - Path Traversal & Remote Code Execution Vulnerabilities

Exploit: Apache HTTP Server 2.4.50 - Path Traversal & Remote Code Execution RCE Exploit Author: Lucas Souza https://lsass.io Vendor Homepage: https://apache.org/ Version: 2.4.50 Tested on: 2.4.50 CVE : CVE-2021-42013 Credits: Ash Daulton and the cPanel Security Team !/bin/bash if $1 == '' ; $2 ==...

Apache HTTP Server 2.4.50 - Path Traversal & Remote Code Execution (RCE)

Exploit: Apache HTTP Server 2.4.50 - Path Traversal & Remote Code Execution RCE Date: 10/05/2021 Exploit Author: Lucas Souza https://lsass.io Vendor Homepage: https://apache.org/ Version: 2.4.50 Tested on: 2.4.50 CVE : CVE-2021-42013 Credits: Ash Daulton and the cPanel Security Team !/bin/bash if...

Apache HTTP Server 2.4.50 Path Traversal / Code Execution

Exploit: Apache HTTP Server 2.4.50 - Path Traversal & Remote Code Execution RCE Date: 10/05/2021 Exploit Author: Lucas Souza https://lsass.io Vendor Homepage: https://apache.org/ Version: 2.4.50 Tested on: 2.4.50 CVE : CVE-2021-42013 Credits: Ash Daulton and the cPanel Security Team !/bin/bash if...

Important: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVE-2021-41136

Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using puma with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smugggling. A client could smuggle a request through a proxy, causing the proxy to send a...

CVE-2021-41136

Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using puma with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smugggling. A client could smuggle a request through a proxy, causing the proxy to send a...

Cross site request forgery (csrf)

Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using puma with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smugggling. A client could smuggle a request through a proxy, causing the proxy to send a...

Important: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modproxy: SSRF via a crafted request uri-path containing "unix:" CVE-2021-40438 httpd: modsession: Heap overflow via a crafted SessionHeader value CVE-2021-26691 For more...

RLSA-2021:3816 Important: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modproxy: SSRF via a crafted request uri-path containing "unix:" CVE-2021-40438 httpd: modsession: Heap overflow via a crafted SessionHeader value CVE-2021-26691 For more...

ALSA-2021:3816 Important: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modproxy: SSRF via a crafted request uri-path containing "unix:" CVE-2021-40438 httpd: modsession: Heap overflow via a crafted SessionHeader value CVE-2021-26691 For more...

httpd:2.4 security update

An update is available for httpd, modhttp2, modmd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd packages provide the Apache HTTP Server, a powerful,...

CVE-2021-41136

Summary: CVE-2021-41136 affects Puma HTTP/1.1 server for Ruby/Rack. When used with a proxy that forwards HTTP header values containing LF, an attacker could smuggle a request through the proxy, potentially causing the proxy to send a response to a different client. This behavior has been observed...

Security Bulletin: Multiple vulnerabilities have been identified in IBM HTTP Server used by IBM Rational ClearQuest

Summary IBM HTTP Server IHS is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting IHS have been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...