Lucene search
K

304 matches found

Nuclei
Nuclei
added 14 hours ago146 views

Apache HTTP Server - ACL Bypass

Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. id: CVE-2024-38473 info: name: Apache HTTP Server - ACL Bypass author: pdteam severity: high...

8.1CVSS6.7AI score0.25878EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/06/22 3:18 p.m.11 views

httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data()

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the ajpparsedata function attempts to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue potentially lea...

7.5CVSS6AI score0.00394EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.10 views

Astra Linux – Vulnerability in Apache2

Apache HTTP Server versions 2.4.41 to 2.4.46 with modproxyhttp can become unstable when processing specially crafted requests that use both Content-Length and Transfer-Encoding headers. This can lead to a denial of service attack...

7.5CVSS7.1AI score0.49089EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Apache2

Inconsistent interpretation of HTTP requests: The “HTTP Request Smuggling” vulnerability in modproxyajp of the Apache HTTP Server allows an attacker to secretly send requests to the AJP server to which the server forwards requests. This issue affects the Apache HTTP Server version 2.4.54 and...

9CVSS6.7AI score0.01879EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Apache2

A properly crafted method sent via HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server versions 2.4.17 to 2.4.48...

7.5CVSS6.3AI score0.46179EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Apache2

The Apache HTTP Server versions 2.4.6 to 2.4.46, with the modproxywstunnel module configured, were used to handle a URL. The origin server did not necessarily upgrade this connection. This setup allowed subsequent requests on the same connection to be processed without any HTTP validation,...

5.3CVSS6.7AI score0.60266EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/12 2:35 p.m.11 views

CVE-2026-29170

A flaw was found in Apache HTTP Server, specifically within the modproxyftp module. This cross-site scripting XSS vulnerability occurs during the generation of HTML directory lists when the server is configured to list FTP directory contents via either a forward or reverse proxy. An attacker coul...

6.1CVSS5AI score0.00504EPSS
Exploits0References4
OSV
OSV
added 2026/06/10 8:39 a.m.6 views

BIT-APACHE-2026-34355 Apache HTTP Server: mod_proxy_html buffer overflow

A buffer overflow in modproxyhtml in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

7.5CVSS5.6AI score0.00687EPSS
Exploits0References3
OSV
OSV
added 2026/06/10 8:39 a.m.6 views

BIT-APACHE-2026-29170 Apache HTTP Server: mod_proxy_ftp XSS

A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

6.1CVSS5.1AI score0.00504EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:29 a.m.9 views

SUSE CVE-2026-29170

A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

6.1CVSS5.1AI score0.00504EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.16 views

Linux Distros Unpatched Vulnerability : CVE-2026-29170

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory...

6.1CVSS5.2AI score0.00504EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-34355

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A buffer overflow in modproxyhtml in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version...

7.5CVSS6.1AI score0.00687EPSS
Exploits0References4
OSV
OSV
added 2026/06/08 4:16 p.m.5 views

UBUNTU-CVE-2026-44186

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in the modproxyftp module in Apache HTTP Server with an attacker controlled backend FTP server. This issue affects undefined: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

7.3CVSS5.4AI score0.00562EPSS
Exploits0References5
OSV
OSV
added 2026/06/08 4:16 p.m.4 views

UBUNTU-CVE-2026-29170

A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

6.1CVSS5.1AI score0.00504EPSS
Exploits0References5
CVE
CVE
added 2026/06/08 3:20 p.m.63 views

CVE-2026-34355

CVE-2026-34355 : A buffer overflow in Apache HTTP Server’s mod_proxy_html (affecting 2.4.67 and earlier) can be exploited by an untrusted backend. The advisory indicates that upgrading to 2.4.68 fixes the issue. Documented impact is a network‑accessible overflow with high severity (CVSS v3.1: 7.5...

7.5CVSS5.7AI score0.00687EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/08 3:20 p.m.13 views

CVE-2026-34355 Apache HTTP Server: mod_proxy_html buffer overflow

A buffer overflow in modproxyhtml in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

5.7AI score0.00687EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/08 3:20 p.m.9 views

CVE-2026-34355

A buffer overflow in modproxyhtml in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

7.5CVSS5.6AI score0.00687EPSS
Exploits0
CVE
CVE
added 2026/06/08 3:10 p.m.78 views

CVE-2026-29170

CVE-2026-29170 describes a cross-site scripting (XSS) vulnerability in Apache HTTP Server 2.4.67 and earlier, affecting mod_proxy_ftp during HTML directory list generation when listing FTP directory contents via forward or reverse proxy configurations. The vulnerability arises in the HTML directo...

6.1CVSS5.2AI score0.00504EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/08 3:10 p.m.29 views

CVE-2026-29170

A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

6.1CVSS5.1AI score0.00504EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/08 3:10 p.m.8 views

CVE-2026-29170

A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

6.1CVSS5.2AI score0.00504EPSS
Exploits0
Rows per page
Query Builder