Tenda AC9 安全漏洞

Tenda AC9 is a wireless router from Tenda China. A security vulnerability exists in Tenda AC9 version 1.0, which originates from the improper handling of the usb.samba.guest.user parameter in the formSetSambaConf function in the httpd file, which may lead to OS command injection...

VulnCheck KEV: CVE-2025-7414

A vulnerability classified as critical was found in Tenda O3V2 1.0.0.123880. This vulnerability affects the function fromNetToolGet of the file /goform/setPingInfo of the component httpd. The manipulation of the argument domain leads to os command injection. The attack can be initiated remotely...

CLSA-2025-1758035415 httpd: Fix of 2 CVEs

CVE-2024-47252: escape characters are now properly handled in modssl to prevent untrusted SSL/TLS clients from inserting escape characters into log files - CVE-2025-49812: remove support for TLS upgrade to mitigate HTTP desynchronisation attack...

CLSA-2025-1758035329 httpd: Fix of 2 CVEs

CVE-2024-47252: escape user-supplied data in modssl to prevent untrusted SSL/TLS clients from inserting escape characters into log files - CVE-2025-49812: remove support for TLS upgrade to prevent HTTP desynchronisation attack...

httpd: mod_proxy_http2: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module

An assertion failure flaw was found in Apache httpd. Untrusted clients can send inputs that trigger an assertion failure in the modproxyhttp2 module, which likely results in an Apache HTTP server crash or denial of service DoS...

Moderate: Red Hat Security Advisory: mod_http2 security update

An update for modhttp2 is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

httpd: mod_proxy_http2: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module

An assertion failure flaw was found in Apache httpd. Untrusted clients can send inputs that trigger an assertion failure in the modproxyhttp2 module, which likely results in an Apache HTTP server crash or denial of service DoS...

RHEL 9 : mod_http2 (RHSA-2025:15725)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:15725 advisory. The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: modproxyhttp2:...

RHEL 9 : mod_http2 (RHSA-2025:15727)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:15727 advisory. The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: modproxyhttp2:...

Erlang/OTP (Erlang OTP) Directory Traversal Vulnerability (Sep 2020) - Windows

Erlang/OTP Erlang OTP is prone to a directory traversal vulnerability in the httpd module of the inets component. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Erlang/OTP (Erlang OTP) Directory Traversal Vulnerability (Sep 2020) - Linux

Erlang/OTP Erlang OTP is prone to a directory traversal vulnerability in the httpd module of the inets component. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

RHSA-2025:15698 Red Hat Security Advisory: httpd:2.4 security update

Bulletin has no description...

RHSA-2025:15684 Red Hat Security Advisory: httpd:2.4 security update

Bulletin has no description...

httpd: HTTP Session Hijack via a TLS upgrade

An HTTP session hijacking flaw was found in Apache httpd. In some modssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade...

Moderate: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

httpd: mod_ssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption

An access control bypass vulnerability was found in Apache httpd. The Apache HTTP Server with some modssl configurations can bypass the access controls by trusted clients using TLS 1.3 session resumption. A client trusted to access one virtual host may be able to access another if...

RHSA-2025:15619 Red Hat Security Advisory: httpd:2.4 security update

Bulletin has no description...

httpd: mod_ssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption

An access control bypass vulnerability was found in Apache httpd. The Apache HTTP Server with some modssl configurations can bypass the access controls by trusted clients using TLS 1.3 session resumption. A client trusted to access one virtual host may be able to access another if...

RHEL 8 : httpd:2.4 (RHSA-2025:15684)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:15684 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: insufficient...

Erlang/OTP (Erlang OTP) Httpd CGI Scripts Environment Variable Pollution Vulnerability (Sep 2025, httpoxy) - Linux

Erlang/OTP Erlang OTP is prone to a Httpd CGI scripts environment variable pollution vulnerability in the inets component dubbed SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...