
5773 matches found

CVE
added 2023/01/11 6:48 p.m. · 69 views

CVE-2022-4499

CVE-2022-4499 affects TP-Link WR710N-V1-151022 and Archer C5-V2-160201 (TP-Link routers). The vulnerability arises from a side-channel attack on the httpd process, specifically a strcmp() used to verify credentials, allowing an attacker to deterministically guess each byte of the username and pas...

CVSS 7.5 · AI score 7.5 · EPSS 0.00709
Exploits 0 · References 2 · Affected Software 1
OSV
added 2023/01/09 9:15 p.m. · 2 views

CVE-2022-43970

A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware = 4.30.18.006. A stack-based buffer overflow in the StartEPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the...

CVSS 7.2 · AI score 6.4 · EPSS 0.19304
Exploits 1 · References 3
NVD
added 2023/01/09 9:15 p.m. · 13 views

CVE-2022-43970

A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware = 4.30.18.006. A stack-based buffer overflow in the StartEPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the...

CVSS 7.2 · AI score 7.3 · EPSS 0.19304
Exploits 1 · References 3
Prion
added 2023/01/09 9:15 p.m. · 19 views

Stack overflow

A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware = 4.30.18.006. A stack-based buffer overflow in the StartEPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the...

CVSS 5.8 · AI score 7.2 · EPSS 0.19304
Exploits 1 · References 3 · Affected Software 1
CVE
added 2023/01/09 12:00 a.m. · 50 views

CVE-2022-43973

The CVE-2022-43973 issue affects Linksys WRT54GL Wireless-G Broadband Router versions

CVSS 7.2 · AI score 7.3 · EPSS 0.01855
Exploits 1 · References 3 · Affected Software 1
CNNVD
added 2023/01/09 12:00 a.m. · 15 views

Linksys WUMC710 OS Command Injection Vulnerability

The Linksys WUMC710 is a universal media connector from Linksys USA. A command injection vulnerability exists in the Linksys WUMC710 Wireless-AC Universal Media Connector version 1.0.02 build3 and prior versions. The vulnerability stems from the dosetNTP function in the httpd binary that uses...

CVSS 7.2 · AI score 8.2 · EPSS 0.01682
Exploits 1 · References 4
OpenVAS
added 2023/01/09 12:00 a.m. · 50 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-1074)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8 · AI score 9.3 · EPSS 0.99999
Exploits 9 · References 4
Slackware Linux
added 2023/01/07 2:09 a.m. · 36 views

[slackware-security] php

New php packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/php-7.4.33-i586-2slack15.0.txz: Rebuilt. This update fixes a security issue: PDO::quote may return unquoted string. For more information...

CVSS 9.1 · AI score 0.5 · EPSS 0.02154
Exploits 0
Tenable Nessus
added 2023/01/06 12:00 a.m. · 47 views

EulerOS Virtualization 3.0.2.6 : httpd (EulerOS-SA-2023-1074)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier...

CVSS 9.8 · AI score 8.2 · EPSS 0.99999
Exploits 9 · References 5
OpenVAS
added 2022/12/30 12:00 a.m. · 15 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-2905)

The remote host is missing an update for the Huawei EulerOS...

CVSS 5.3 · AI score 6.5 · EPSS 0.03375
Exploits 0 · References 2
OpenVAS
added 2022/12/28 12:00 a.m. · 38 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-2884)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8 · AI score 8.3 · EPSS 0.90407
Exploits 2 · References 2
OpenVAS
added 2022/12/28 12:00 a.m. · 33 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-2866)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8 · AI score 8.3 · EPSS 0.90407
Exploits 2 · References 2
Tenable Nessus
added 2022/12/28 12:00 a.m. · 34 views

EulerOS Virtualization 2.10.0 : httpd (EulerOS-SA-2022-2905)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi...

CVSS 5.3 · AI score 7.2 · EPSS 0.03375
Exploits 0 · References 2
F5 Networks
added 2022/12/19 6:41 p.m. · 308 views

K34125394: Apache HTTPD vulnerability CVE-2017-3167

Security Advisory Description: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. CVE-2017-3167. Impact: When this vulnerability is exploited, an...

CVSS 9.8 · AI score 8.8 · EPSS 0.20231
Exploits 0 · Affected Software 16
Positive Technologies
added 2022/12/14 12:00 a.m. · 3 views

PT-2022-6285 · Tp Link · Tp-Link Archer C5 +1

Name of the Vulnerable Software and Affected Versions: TP-Link Archer C5 version 2; TP-Link WR710N version 1. Description: The issue is related to a heap-based buffer overflow when handling packets, which can be exploited by a remote attacker to execute arbitrary code or cause a denial of service...

CVSS 9.8 · AI score 8.5 · EPSS 0.01781
Exploits 0 · References 6
Positive Technologies
added 2022/12/14 12:00 a.m. · 3 views

PT-2022-6284 · Tp Link · Tp-Link Archer C5 +1

Name of the Vulnerable Software and Affected Versions: TP-Link Archer C5 version 2; TP-Link WR710N version 1. Description: The issue is related to the strcmp function used for checking credentials in the httpd process of TP-Link routers. This function is susceptible to a side-channel attack, where ...

CVSS 7.5 · AI score 7.4 · EPSS 0.00709
Exploits 0 · References 12
RedHat Linux
added 2022/12/08 1:21 p.m. · 2 views

httpd: Out-of-bounds read in ap_strcmp_match()

An out-of-bounds read vulnerability was found in httpd. A very large input to the ap_strcmp_match function can lead to an integer overflow and result in an out-of-bounds read...

CVSS 9.1 · AI score 7.2 · EPSS 0.0569
Exploits 0 · References 5
RedHat Linux
added 2022/12/08 1:21 p.m. · 5 views

httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody

A flaw was found in httpd, where it incorrectly limits the value of the LimitXMLRequestBody option. This issue can lead to an integer overflow and later causes an out-of-bounds write...

CVSS 9.1 · AI score 7.2 · EPSS 0.41861
Exploits 0 · References 5
RedHat Linux
added 2022/12/08 1:21 p.m. · 2 views

httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism

A flaw was found in the mod_proxy module of httpd. The server may remove the X-Forwarded-* headers from a request based on the client-side Connection header hop-by-hop mechanism...

CVSS 9.8 · AI score 7.1 · EPSS 0.0314
Exploits 1 · References 5
RedHat Linux
added 2022/12/08 1:21 p.m. · 4 views

httpd: mod_proxy_ajp: Possible request smuggling

An HTTP request smuggling vulnerability was found in the mod_proxy_ajp module of httpd. This flaw allows an attacker to smuggle requests to the AJP server, where it forwards requests...

CVSS 7.5 · AI score 7.2 · EPSS 0.18886
Exploits 1 · References 5