NewStart CGSL CORE 5.04 / MAIN 5.04 : httpd Multiple Vulnerabilities (NS-SA-2021-0036)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has httpd packages installed that are affected by multiple vulnerabilities: - In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with modrewrite that were intended to be self-referential might be fooled by encoded...

Python -- multiple vulnerabilities

Python reports: bpo-43434: Creating a sqlite3.Connection object now also produces a sqlite3.connect auditing event. Previously this event was only produced by sqlite3.connect calls. Patch by Erlend E. Aasland. bpo-43882: The presence of newline or tab characters in parts of a URL could allow some...

EulerOS Virtualization 3.0.6.6 : libproxy (EulerOS-SA-2021-1490)

According to the versions of the libproxy packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a...

EulerOS Virtualization for ARM 64 3.0.6.0 : ruby (EulerOS-SA-2021-1540)

According to the versions of the ruby packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP serv...

PT-2021-3577

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.0 through 2.4.46 Description: The issue is related to a heap overflow that can be caused by a specially crafted SessionHeader sent by an origin server. This could potentially allow a remote attacker to impact t...

Apache HTTP Server Detection Consolidation

Consolidation of Apache HTTP Server detections. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Exploit for Use After Free in Apache Http_Server

CVE-2019-0211 介绍 CVE-2019-0211 软件架构 软件架构说明 安装教程 1. xxxx 2. xxxx 3. xxxx 使用说明 1. xxxx 2. xxxx 3. xxxx 参与贡献 1. Fork 本仓库 2. 新建 Featxxx 分支 3. 提交代码 4. 新建 Pull Request 特技 1. 使用 Readme\XXX.md 来支持不同的语言，例如 Readme\en.md, Readme\zh.md 2. Gitee 官方博客 blog.gitee.com 3. 你可以 https://gitee.com/explore 这个地址来了解 Git...

EulerOS 2.0 SP2 : ruby (EulerOS-SA-2021-1356)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Onigmo through 6.2.0 has a NULL pointer dereference in onigerrorcodetostr because of fetchtoken in regparse.c.CVE-2019-16161 - Onigmo through 6.2....

Backdoor.Win32.Agent.aak Buffer Overflow

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/64f2fd4dbd9039e5bc054f475eaa582aC.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.aak Vulnerability: Remote Buffer Overflow Description: The HTTP backdoor serve...

Backdoor.Win32.Agent.aak Code Execution / Cross Site Request Forgery

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/64f2fd4dbd9039e5bc054f475eaa582aB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.aak Vulnerability: Cross Site Request Forgery CSRF - Code Execution Descriptio...

Security Bulletin: Multiple Security Vulnerabilities Have Been Identified In IBM HTTP server shipped with IBM Tivoli Federated Identity Manager

Summary IBM HTTP server is shipped with IBM Tivoli Federated Identity Manager. Information about multiple security vulnerabilities affecting IBM HTTP server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

[SECURITY] Fedora 32 Update: php-7.4.15-1.fc32

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

Fedora: Security Advisory for php (FEDORA-2021-ae5a54ba78)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2021-21299

hyper is an open-source HTTP library for Rust crates.io. In hyper from version 0.12.0 and before versions 0.13.10 and 0.14.3 there is a vulnerability that can enable a request smuggling attack. The HTTP server code had a flaw that incorrectly understands some requests with multiple...

UBUNTU-CVE-2021-21299

hyper is an open-source HTTP library for Rust crates.io. In hyper from version 0.12.0 and before versions 0.13.10 and 0.14.3 there is a vulnerability that can enable a request smuggling attack. The HTTP server code had a flaw that incorrectly understands some requests with multiple...

CVE-2021-21299

CVE-2021-21299 affects the Rust HTTP library hyper. The vulnerability resides in hyper’s HTTP server code, which may misinterpret requests with multiple Transfer-Encoding headers, potentially treating the payload as chunked when it should be illegal. Exploitation requires three conditions to be m...

Low: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP6 security update

Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 6 zip release for RHEL 7, RHEL 8 and Microsoft Windows is available. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

Low: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP6 security update

Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scorin...

RHEL 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP6 (RHSA-2021:0486)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0486 advisory. This release adds the new Apache HTTP Server 2.4.37 Service Pack 6 packages that are part of the JBoss Core Services offering. This release serves as...

CVE-2020-13583

A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability...