PT-2021-5758 · Apache +9 · Apache Http Server +9
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.48 and earlier. Description: The issue is related to the ap_escape_quotes function, which may write beyond the end of a buffer when given malicious input. Although no included modules pass untrusted data to thes...
Moderate: Red Hat Security Advisory: rh-php73-php security, bug fix, and enhancement update
An update for rh-php73-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
CVE-2021-32812
Monkshu is an enterprise application server for mobile apps (iOS and Android), responsive HTML 5 apps, and JSON API services. In version 2.90 and earlier, there is a reflected cross-site scripting vulnerability in the frontend HTTP server. The attacker can send in a carefully crafted URL along with a...
Cross site scripting
Monkshu is an enterprise application server for mobile apps (iOS and Android), responsive HTML 5 apps, and JSON API services. In version 2.90 and earlier, there is a reflected cross-site scripting vulnerability in the frontend HTTP server. The attacker can send in a carefully crafted URL along with a...
CVE-2021-32812 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') and Improper Encoding or Escaping of Output in frontend/server/server.js
Monkshu is an enterprise application server for mobile apps (iOS and Android), responsive HTML 5 apps, and JSON API services. In version 2.90 and earlier, there is a reflected cross-site scripting vulnerability in the frontend HTTP server. The attacker can send in a carefully crafted URL along with a...
LightMe - HTTP Server Serving Obfuscated Powershell Scripts/Payloads
LightMe is a simple HTTP server that serves PowerShell scripts/payloads after obfuscating them, and runs obfuscation as a service in the background to keep re-obfuscating the payloads, giving an almost new obfuscated payload on each HTTP request. Main Features: Obfuscate all powershell files within a...
Security Bulletin: Vulnerabilities identified in IBM HTTP Server shipped with IBM WebSphere Service Registry and Repository (CVE-2020-13938 and CVE-2021-30641)
Summary: IBM HTTP Server is shipped as a component of IBM WebSphere Service Registry and Repository. Information about security vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixe...
Security Bulletin: Vulnerability in IBM WebSphere HTTP Server affects IBM i2 Analyze
Summary: Versions of the IBM Websphere HTTP Server bundled with IBM i2 Analyze have vulnerabilities. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions:

Affected Products | Versions
---|---
IBM i2 Analyze | IBM i2 Analyze 4.3.1...
Security Bulletin: Security vulnerabilities have been identified in IBM HTTP Server used by WebSphere Application Server shipped with IBM Tivoli Federated Identity Manager (CVE-2020-13938, CVE-2021-30641)
Summary: IBM HTTP Server used by WebSphere Application Server is/are shipped with IBM Tivoli Federated Identity Manager. Information about security vulnerabilities affecting IBM HTTP Server used by WebSphere Application Server has been published in security bulletins. Vulnerability Details: Refer ...
CVE-2021-32792
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability when using OIDCPreservePost ...
CVE-2021-32791
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openidc uses a static IV and...
CVE-2021-32786
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, oidc_validate_redirect_url does not parse URLs the same way as most browsers...
CVE-2021-32785
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache...
CVE-2021-32786 Open Redirect in oidc_validate_redirect_url()
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, oidc_validate_redirect_url does not parse URLs the same way as most browsers...
Apache HTTP Server Format String Error Vulnerability
Apache HTTP Server is an open source web server from the Apache Foundation of the United States. The server is fast, reliable and extensible via a simple API. A format string error vulnerability exists in Apache versions prior to 2.4.9, where an attacker can reliably cause a denial of service ...
CVE-2021-32785
CVE-2021-32785 affects mod_auth_openidc (Apache 2.x) prior to 2.4.9 when configured with an unencrypted Redis cache. The issue arises from argument interpolation before Redis requests are passed to hiredis, causing an uncontrolled format string bug. Impact described as reliable denial of service ...
CVE-2021-32786
CVE-2021-32786 affects mod_auth_openidc (Apache 2.x). In versions before 2.4.9, oidc_validate_redirect_url() parses URLs differently from browsers, allowing an Open Redirect in the logout flow. The issue is fixed in 2.4.9 by replacing backslashes with slashes in redirects. A mitigations option is...