58 matches found
ALPINE-CVE-2022-36760
Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions...
AZL-13027 CVE-2022-36760 affecting package httpd for versions less than 2.4.55-1
Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions...
Apache HTTP Server 环境问题漏洞
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An Http request smuggling vulnerability exists in Apache HTTP Server versions 2.4.0 through 2.4.55 and earlier, which stems from a...
PT-2022-6218
Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.54 and prior versions Description The issue is related to the inconsistent interpretation of HTTP requests, also known as 'HTTP Request Smuggling', in the mod proxy ajp module of the Apache HTTP Server. This...
The vulnerability of the mod_proxy_ajp module in the Apache HTTP Server allows a hacker to send hidden HTTP requests (HTTP Request Smuggling attack).
The vulnerability of the modproxyajp module in the Apache HTTP Server is related to improper handling of HTTP requests. Exploiting this vulnerability allows a remote attacker to send hidden HTTP requests HTTP Request Smuggling attack...
CVE-2022-26377
Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions...
ALPINE-CVE-2022-26377
Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions...
PT-2022-3356
Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.53 and prior versions Description The issue is related to the inconsistent interpretation of HTTP requests, also known as 'HTTP Request Smuggling', in the mod proxy ajp module of the Apache HTTP Server. This...
SUSE-SU-2020:14342-1 Security update for apache2
This update for apache2 fixes the following issues: - CVE-2020-1934: modproxyftp may use uninitialized memory when proxying to a malicious FTP server bsc1168404. - CVE-2020-1938: modproxyajp: Add 'secret' parameter to proxy workers to implement legacy AJP13 authentication bsc1169066...
CVE-2012-4557
The modproxyajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service worker consumption via an expensive request...
httpd: mod_proxy_ajp remote temporary DoS
The modproxyajp module in the Apache HTTP Server before 2.2.21, when used with modproxybalancer in certain configurations, allows remote attackers to cause a denial of service temporary "error state" in the backend server via a malformed HTTP request...
httpd: mod_proxy_ajp remote temporary DoS
The modproxyajp module in the Apache HTTP Server before 2.2.21, when used with modproxybalancer in certain configurations, allows remote attackers to cause a denial of service temporary "error state" in the backend server via a malformed HTTP request...
Fedora 15 : httpd-2.2.21-1.fc15 (2011-12715)
This update includes the latest stable release of the Apache HTTP Server, version 2.2.21. Two security issues have been fixed : modproxyajp when combined with modproxybalancer: Prevents unrecognized HTTP methods from marking ajp: balancer members in an error state, avoiding denial of service...
httpd: mod_proxy_ajp worker moved to error state when timeout exceeded
The modproxyajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service worker consumption via an expensive request...
Apache 2.2.x < 2.2.15 Multiple Vulnerabilities
According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.15. It is, therefore, potentially affected by multiple vulnerabilities : - A TLS renegotiation prefix injection attack is possible. CVE-2009-3555 - The 'modproxyajp' module returns the wrong status cod...
DEBIAN-CVE-2010-0408
The approxyajprequest function in modproxyajp.c in modproxyajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service backend server outage via a crafted request,...
apache mod-proxy-ajp 2.2.11 信息泄漏漏洞
No description provided by source...
httpd mod_proxy_ajp information disclosure
modproxyajp.c in the modproxyajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request...