
11634 matches found

NVD
added 2021/07/19 6:15 p.m. | 14 views

CVE-2021-34820

Web Path Directory Traversal in the Novus HTTP Server. The Novus HTTP Server is affected by the Directory Traversal for Arbitrary File Access vulnerability. A remote, unauthenticated attacker using an HTTP GET request may be able to exploit this issue to access sensitive data. The issue was...

CVSS 7.5 | EPSS 0.03998
Exploits: 0 | References: 2
Prion
added 2021/07/19 6:15 p.m. | 18 views

Directory traversal

Web Path Directory Traversal in the Novus HTTP Server. The Novus HTTP Server is affected by the Directory Traversal for Arbitrary File Access vulnerability. A remote, unauthenticated attacker using an HTTP GET request may be able to exploit this issue to access sensitive data. The issue was...

CVSS 5 | AI score 7.5 | EPSS 0.03998
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2021/07/19 5:4 p.m. | 58 views

CVE-2021-34820

CVE-2021-34820 targets the Novus Management System’s HTTP Server, enabling a remote, unauthenticated attacker to perform directory traversal via HTTP GET and access sensitive files. Affected through version 1.51.2. The CVSSv3.1 vector shows HIGH impact to confidentiality (C:H) with network access...

CVSS 7.5 | AI score 7.5 | EPSS 0.03998
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2021/07/19 5:4 p.m. | 19 views

CVE-2021-34820

Web Path Directory Traversal in the Novus HTTP Server. The Novus HTTP Server is affected by the Directory Traversal for Arbitrary File Access vulnerability. A remote, unauthenticated attacker using an HTTP GET request may be able to exploit this issue to access sensitive data. The issue was...

AI score 7.7 | EPSS 0.03998
Exploits: 0 | References: 2
Gentoo Linux
added 2021/07/17 12:0 a.m. | 161 views

Apache: Multiple vulnerabilities

Background The Apache HTTP server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in Apache. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaroun...

CVSS 9.8 | AI score 2 | EPSS 0.68067
Exploits: 0
Tenable Nessus
added 2021/07/16 12:0 a.m. | 56 views

openSUSE 15 Security Update : apache2 (openSUSE-SU-2021:2127-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2127-1 advisory. - Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests...

CVSS 9.8 | AI score 7.5 | EPSS 0.68067
Exploits: 0 | References: 19
Kaspersky
added 2021/07/15 12:0 a.m. | 42 views

KLA12362 Multiple vulnerabilities in Apache HTTP Server

Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities: 1. Denial of service vulnerability in HTTP/2 connections can be exploited via special crafted requests to cause...

CVSS 7.5 | AI score 8.2 | EPSS 0.51714
Exploits: 0 | References: 3
Tenable Nessus
added 2021/07/15 12:0 a.m. | 62 views

SAP NetWeaver AS for Java DoS (3056652)

SAP NetWeaver AS for Java Http Service Monitoring Filter, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to deni...

CVSS 7.5 | AI score 7.6 | EPSS 0.03158
Exploits: 0 | References: 3
IBM Security Bulletins
added 2021/07/14 10:33 p.m. | 31 views

Security Bulletin: Vulnerability identified in WebSphere Application Server affects Cloud Pak System (CVE-2021-30641)

Summary Vulnerability in Apache HTTP server identified in WebSphere Application Server shipped with IBM Cloud Pak System. Information about vulnerability has been published in security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

AI score 1 | EPSS 0.52331
Exploits: 0 | Affected Software: 1
Prion
added 2021/07/14 12:15 p.m. | 28 views

Denial of service

SAP NetWeaver AS for Java Http Service Monitoring Filter, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to deni...

CVSS 5 | AI score 7.4 | EPSS 0.03158
Exploits: 0 | References: 4 | Affected Software: 1
IBM Security Bulletins
added 2021/07/14 4:48 a.m. | 11 views

Security Bulletin: Multiple vulnerabilities have been identified in IBM HTTP Server used by IBM Rational ClearQuest

Summary IBM HTTP Server (IHS) is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting IHS have been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

AI score 0.8
Exploits: 0 | Affected Software: 1
Tenable Nessus
added 2021/07/13 12:0 a.m. | 80 views

Amazon Linux AMI : httpd24 (ALAS-2021-1514)

The version of httpd24 installed on the remote host is prior to 2.4.48-1.92. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1514 advisory. A flaw was found in Apache httpd. The mod_proxy_wstunnel module tunnels non-upgraded connections. (CVE-2019-17567) A flaw w...

CVSS 9.8 | AI score 7.3 | EPSS 0.68067
Exploits: 0 | References: 15
OSV
added 2021/07/12 4:54 p.m. | 20 views

GHSA-F3PG-QWVG-P99C Lenient Parsing of Content-Length Header When Prefixed with Plus Sign

Summary hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a Content-Length header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't parse such Content-Length headers, but forwards...

CVSS 3.1 | AI score 5.2 | EPSS 0.00879
Exploits: 1 | References: 6
Tenable Nessus
added 2021/07/09 12:0 a.m. | 66 views

Debian DLA-2706-1 : apache2 - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2706 advisory. Several vulnerabilities have been found in the Apache HTTP server, which could result in denial of service. In addition the implementation of the MergeSlashes opti...

CVSS 9.8 | AI score 6.8 | EPSS 0.68067
Exploits: 0 | References: 17
OpenVAS
added 2021/07/09 12:0 a.m. | 48 views

Apache HTTP Server Detection (HTTP Error Page)

HTTP error-page based detection of the Apache HTTP Server. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 5.8
Exploits: 0
GithubExploit
added 2021/07/08 10:46 p.m. | 98 views

Exploit for OS Command Injection in Docker

🖥️ -h3x0v3rl0rd- ️⃣ CVE-2019-5736 Usage : machine is vuln...

CVSS 9.3 | AI score 7.2 | EPSS 0.9857
Exploits: 33
Debian
added 2021/07/08 5:14 p.m. | 165 views

[SECURITY] [DSA 4937-1] apache2 security update

Debian Security Advisory DSA-4937-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 08, 2021 https://www.debian.org/security/faq -...

CVSS 9.8 | AI score 9.3 | EPSS 0.68067
Exploits: 0
Debian CVE
added 2021/07/07 8:5 p.m. | 29 views

CVE-2021-32715

hyper is an HTTP library for Rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a Content-Length header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't parse such...

CVSS 5.3 | AI score 5.3 | EPSS 0.00879
Exploits: 1
OSV
added 2021/07/07 12:0 p.m. | 27 views

RUSTSEC-2021-0078 Lenient `hyper` header parsing of `Content-Length` could allow request smuggling

hyper's HTTP header parser accepted, according to RFC 7230, illegal contents inside Content-Length headers. Due to this, upstream HTTP proxies that ignore the header may still forward them along if it chooses to ignore the error. To be vulnerable, hyper must be used as an HTTP/1 server and using ...

CVSS 5.3 | AI score 5 | EPSS 0.00879
Exploits: 1 | References: 3
OpenVAS
added 2021/07/06 12:0 a.m. | 22 views

Apache HTTP Server 'mod_perl' /perl-status accessible (HTTP)

Requesting the URI /perl-status provides a comprehensive overview of the server configuration. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-lat...

AI score 0.7
Exploits: 0 | References: 1