CVE-2023-50211

The CVE-2023-50211 entry concerns D-Link G416 routers. The vulnerability is a stack-based buffer overflow in the httpd API-AUTH Timestamp Processing function, triggered by insufficient validation of the length of user-supplied data copied into a fixed-length stack buffer. Impact is remote code ex...

CVE-2023-50199

Summary: CVE-2023-50199 affects D-Link G416 routers, due to a flaw in the httpd service listening on TCP port 80 that allows missing authentication to access a critical function, enabling remote code execution by network-adjacent attackers. The entry is supported by multiple sources (ZDI advisory...

CVE-2023-44447 TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability

TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR902AC routers. Authentication is not required to exploit this vulnerability. Th...

CVE-2023-44447

CVE-2023-44447 affects TP-Link TL-WR902AC. The vulnerability is in the httpd service listening on TCP port 80 and stems from improper authentication, allowing network-adjacent attackers to disclose stored credentials and potentially further compromise. Connected sources (ZDI advisory ZDI-23-1623 ...

Medium: httpd

Issue Overview: Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58. CVE-2023-38709 HTTP Response splitting in multiple modules in Apache HTTP Server allows an...

D-Link G416 安全漏洞

D-Link G416 is the AX1500 4G+ Smart Router launched by AUO in June 2025 , which supports Wi-Fi 6, AI Smart Optimization and 4G LTE Cat 6 network with up to 300Mbps internet speed. D-Link G416 suffers from an information disclosure vulnerability, which stems from the httpd exception mishandling...

httpd security update

2.4.57-8.0.1 - Replace index.html with Oracle's index page oracleindex.html. 2.4.57-8 - modxml2enc: fix media type handling Resolves: RHEL-17686 - moddav: add DavBasePath Resolves: RHEL-6600 2.4.57-7 - Resolves: RHEL-14447 - httpd: modmacro: out-of-bounds read vulnerability CVE-2023-31122 2.4.57-...

D-Link G416 安全漏洞

D-Link G416 is the AX1500 4G+ Smart Router launched by AUO in June 2025 , which supports Wi-Fi 6, AI Smart Optimization and 4G LTE Cat 6 network with up to 300Mbps internet speed. The D-Link G416 suffers from an authentication vulnerability that stems from a lack of authentication in the httpd...

httpd: mod_macro: out-of-bounds read vulnerability

A flaw was found in the modmacro module of httpd. When processing a very long macro, the null byte terminator will not be added, leading to an out-of-bounds read, resulting in a crash...

Moderate: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

httpd: mod_http2: DoS in HTTP/2 with initial window size 0

A flaw was found in the modhttp2 module of httpd. This flaw allows an attacker opening an HTTP/2 connection with an initial window size of 0 to block handling of that connection indefinitely. This vulnerability can exhaust worker resources in the server, similar to the well-known "slow loris"...

Moderate: mod_http2 security update

The modhttp2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: modhttp2: DoS in HTTP/2 with initial window size 0 CVE-2023-43622 modhttp2: reset requests exhaust memory incomplete fix of CVE-2023-44487 CVE-2023-45802 For mo...

Moderate: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modmacro: out-of-bounds read vulnerability CVE-2023-31122 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

ALSA-2024:2278 Moderate: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modmacro: out-of-bounds read vulnerability CVE-2023-31122 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

RHEL 9 : httpd (RHSA-2024:2278)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2278 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modmacro: out-of-bounds...

ALSA-2024:2368 Moderate: mod_http2 security update

The modhttp2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: modhttp2: DoS in HTTP/2 with initial window size 0 CVE-2023-43622 modhttp2: reset requests exhaust memory incomplete fix of CVE-2023-44487 CVE-2023-45802 For mo...

ALSA-2024:2564 Moderate: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: modhttp2: httpd: CONTINUATION frames DoS CVE-2024-27316 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

CVE-2023-31889

An issue discovered in httpd in ASUS RT-AC51U with firmware version up to and including 3.0.0.4.380.8591 allows local attackers to cause a denial of service via crafted GET request...

Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2024-607)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-607 advisory. Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58...

CVE-2023-31889

An issue discovered in httpd in ASUS RT-AC51U with firmware version up to and including 3.0.0.4.380.8591 allows local attackers to cause a denial of service via crafted GET request...