PT-2021-1392
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.48 and earlier. Description: A crafted request URI path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue is related to insufficient validation of incoming...
KLA12370 Multiple vulnerabilities in Apache HTTP Server
Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information, spoof the user interface, or cause denial of service. Below is a complete list of vulnerabilities: 1. Security bypass vulnerability ...
Apache Httpd < 2.4.49 : NULL pointer dereference in httpd core
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier...
Apache Httpd < 2.4.49 : ap_escape_quotes buffer overflow
ap_escape_quotes may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2021-2381)
The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Wallarm API Firewall outperforms Nginx in a production environment
Wallarm API Firewall is a free, lightweight API firewall that protects your API endpoints in cloud-native environments with API schema validation. Wallarm API Firewall relies on a positive security model, allowing calls that match a predefined API specification while rejecting everything else...
vulhub
This repository is an offensive tool for creating pre-built vulnerable environments based on Docker-Compose. It is a collection of vulnerable applications and services that can be used for testing and training purposes. The repository includes a variety of vulnerable applications, such as CouchDB...
openSUSE 15 Security Update : apache2 (openSUSE-SU-2021:1234-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1234-1 advisory. - A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning...
SUSE SLED15: apache2 / apache2-devel / apache2-doc / apache2-event / etc (SUSE-SU-2021:2954-1)
The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2954-1 advisory. - CVE-2021-33193: Fixed request splitting via HTTP/2 method injection and mod_proxy (bsc#1189387). Tenable has extracted the preceding description...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2021-2333)
The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-39191
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openidc was reported to ...
CVE-2021-39191 URL Redirection to Untrusted Site ('Open Redirect') in mod_auth_openidc
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openidc was reported to ...
CVE-2021-39191
CVE-2021-39191 affects mod_auth_openidc (Apache 2.x OpenID Connect RP). The 3rd-party init SSO feature could be abused for open redirects by supplying a crafted URL in the target_link_uri parameter. The patch in version 2.4.9.4 adds required validation of target_link_uri via the OIDCRedirectURLsAllowed setting. ...
com.avast.grpc:grpc-json-bridge-http4s_2.12 (>=0.18.8 <=0.19.0), com.avast:sst-app-monix_2.12 (>=0.17.0 <=0.19.3) +43 more potentially affected by CVE-2021-39185 via org.http4s:http4s-server_2.12 (>=0.22.0 <=0.22.2)
org.http4s:http4s-server_2.12 (MAVEN) versions =0.22.0, =0.18.8, =0.17.0, =0.12.0, =0.1.1, =5.0.0-PREVIEW.pvfixrelease.2025-12-09T1243.b669d29d and more. Source CVEs: CVE-2021-39185. Source advisory:...
Ubuntu 18.04 LTS : uWSGI vulnerability (USN-5054-1)
The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5054-1 advisory. Felix Wilhelm discovered a buffer overflow flaw in the mod_proxy_uwsgi module. An attacker could use this vulnerability to provoke an information disclosure or...
GHSA-6HFQ-H8HQ-87MF HTTP Request Smuggling in hyper
Summary: hyper's HTTP server code had a flaw that incorrectly treats some requests with multiple Transfer-Encoding headers as having a chunked payload, when they should have been rejected as illegal. Combined with an upstream HTTP proxy that understands the request payload boundary different...
startserver security vulnerability
startserver is an open source HTTP server. A security vulnerability exists in startserver, which stems from the application's lack of input filtering and its susceptibility to directory traversal attacks...
Ponzu Cross-Site Request Forgery Vulnerability
Ponzu is a powerful and efficient open source HTTP server framework and content management system (CMS). A cross-site request forgery vulnerability exists in the configure.html component of Ponzu version 0.11.0. An attacker could use this vulnerability to change user and administrator credentials,...
CVE-2021-35395
Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this management interface exist: one based on GoAhead named webs and another based on Boa named boa. Both of them are affect...
Stack overflow
Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this management interface exist: one based on GoAhead named webs and another based on Boa named boa. Both of them are affect...