11634 matches found
CVE-2021-40438
A crafted request uri-path can cause modproxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...
CVE-2021-40438 mod_proxy SSRF
A crafted request uri-path can cause modproxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...
CVE-2021-40438
CVE-2021-40438 is an SSRF flaw in Apache HTTP Server 2.4.x through older revisions where a crafted request URI path can cause mod_proxy to forward the request to an origin server chosen by the remote user. The issue affects Apache httpd 2.4.48 and earlier; the CVSSv3.1 base score is 9.0 (CRITICAL...
CVE-2021-40438
A crafted request uri-path can cause modproxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...
CVE-2021-39275
CVE-2021-39275 affects Apache HTTP Server (httpd) up to 2.4.48 and earlier. The issue is an out-of-bounds write in ap_escape_quotes() when given malicious input, potentially crashing the server or enabling code execution in some environments. Several connected sources concur this vulnerability ex...
CVE-2021-39275 ap_escape_quotes buffer overflow
apescapequotes may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier...
CVE-2021-39275
apescapequotes may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier...
CVE-2021-39275
apescapequotes may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier...
CVE-2021-36160 mod_proxy_uwsgi out of bound read
A carefully crafted request uri-path can cause modproxyuwsgi to read above the allocated memory and crash DoS. This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 inclusive...
CVE-2021-36160
CVE-2021-36160 affects Apache HTTP Server mod_proxy_uwsgi. A crafted request URI-path can cause mod_proxy_uwsgi to read beyond allocated memory, triggering a DoS. The issue is reported for Apache httpd versions 2.4.30–2.4.48. Public sources in connected documents corroborate the impact as an out-...
CVE-2021-34798
CVE-2021-34798 is a vulnerability in Apache HTTP Server where malformed requests may cause a NULL pointer dereference in the httpd core. The issue affects Apache HTTP Server 2.4.48 and earlier, and the resulting crash can lead to a Denial of Service. Multiple connected advisories confirm the same...
CVE-2021-34798
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier...
CVE-2021-34798 NULL pointer dereference in httpd core
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier...
CVE-2021-34798
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM Rational ClearCase (CVE-2020-13938, CVE-2021-30641, CVE-2021-26690, CVE-2021-26691)
Summary IBM HTTP Server IHS is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...
Apache HTTP Server 缓冲区错误漏洞
Apache HTTP Server is an open source web server from the Apache Foundation. The server is fast, reliable, and extensible via a simple API. buffer overflow vulnerability exists in Apache HTTP Server versions 2.4.48 and earlier, which stems from the possibility that apescapequotes may write content...
Apache Httpd < 2.4.49 : NULL pointer dereference in httpd core
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier...
Apache Httpd < 2.4.49 : ap_escape_quotes buffer overflow
apescapequotes may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier...
Apache HTTP Server 缓冲区错误漏洞
Apache HTTP Server is an open source web server from the Apache Foundation. Apache HTTP Server versions 2.4.30 to 2.4.48 contain a denial-of-service vulnerability that stems from a network system or product that does not properly validate incoming data. An attacker could exploit this vulnerabilit...
CVE-2021-40438
A crafted request uri-path can cause modproxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. Recent assessments: gwillcox-r7 at November 29, 2021 4:33pm UTC reported: This is an interesting bug that allows one to...