Lucene search
K

58 matches found

OSV
OSV
added 2023/01/17 8:15 p.m.5 views

ALPINE-CVE-2022-36760

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions...

9CVSS7AI score0.01879EPSS
Exploits0References1
OSV
OSV
added 2023/01/17 8:15 p.m.11 views

AZL-13027 CVE-2022-36760 affecting package httpd for versions less than 2.4.55-1

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions...

9CVSS6.6AI score0.01879EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/01/17 12:0 a.m.5 views

Apache HTTP Server 环境问题漏洞

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An Http request smuggling vulnerability exists in Apache HTTP Server versions 2.4.0 through 2.4.55 and earlier, which stems from a...

9CVSS6.8AI score0.01879EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2022/07/12 12:0 a.m.10 views

PT-2022-6218

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.54 and prior versions Description The issue is related to the inconsistent interpretation of HTTP requests, also known as 'HTTP Request Smuggling', in the mod proxy ajp module of the Apache HTTP Server. This...

10CVSS6.6AI score0.57941EPSS
Exploits0References186
BDU FSTEC
BDU FSTEC
added 2022/07/06 12:0 a.m.6 views

The vulnerability of the mod_proxy_ajp module in the Apache HTTP Server allows a hacker to send hidden HTTP requests (HTTP Request Smuggling attack).

The vulnerability of the modproxyajp module in the Apache HTTP Server is related to improper handling of HTTP requests. Exploiting this vulnerability allows a remote attacker to send hidden HTTP requests HTTP Request Smuggling attack...

6.4CVSS6.9AI score0.19008EPSS
Exploits1References19Affected Software10
ATTACKERKB
ATTACKERKB
added 2022/06/09 5:15 p.m.2 views

CVE-2022-26377

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions...

7.5CVSS7.2AI score0.19008EPSS
Exploits1References9Affected Software1
OSV
OSV
added 2022/06/09 5:15 p.m.7 views

ALPINE-CVE-2022-26377

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions...

7.5CVSS7AI score0.19008EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/03/02 12:0 a.m.8 views

PT-2022-3356

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.53 and prior versions Description The issue is related to the inconsistent interpretation of HTTP requests, also known as 'HTTP Request Smuggling', in the mod proxy ajp module of the Apache HTTP Server. This...

9.1CVSS7.1AI score0.19008EPSS
Exploits1References269
OSV
OSV
added 2020/04/21 8:5 a.m.33 views

SUSE-SU-2020:14342-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2020-1934: modproxyftp may use uninitialized memory when proxying to a malicious FTP server bsc1168404. - CVE-2020-1938: modproxyajp: Add 'secret' parameter to proxy workers to implement legacy AJP13 authentication bsc1169066...

9.8CVSS7.7AI score0.9927EPSS
Exploits45References5
OSV
OSV
added 2012/11/30 7:55 p.m.11 views

CVE-2012-4557

The modproxyajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service worker consumption via an expensive request...

6.3AI score
Exploits0References24
RedHat Linux
RedHat Linux
added 2012/05/07 6:13 p.m.6 views

httpd: mod_proxy_ajp remote temporary DoS

The modproxyajp module in the Apache HTTP Server before 2.2.21, when used with modproxybalancer in certain configurations, allows remote attackers to cause a denial of service temporary "error state" in the backend server via a malformed HTTP request...

4.3CVSS7.2AI score0.2238EPSS
Exploits3References5
RedHat Linux
RedHat Linux
added 2011/10/20 4:48 p.m.5 views

httpd: mod_proxy_ajp remote temporary DoS

The modproxyajp module in the Apache HTTP Server before 2.2.21, when used with modproxybalancer in certain configurations, allows remote attackers to cause a denial of service temporary "error state" in the backend server via a malformed HTTP request...

4.3CVSS7.2AI score0.2238EPSS
Exploits3References5
Tenable Nessus
Tenable Nessus
added 2011/09/16 12:0 a.m.55 views

Fedora 15 : httpd-2.2.21-1.fc15 (2011-12715)

This update includes the latest stable release of the Apache HTTP Server, version 2.2.21. Two security issues have been fixed : modproxyajp when combined with modproxybalancer: Prevents unrecognized HTTP methods from marking ajp: balancer members in an error state, avoiding denial of service...

7.8CVSS7.6AI score0.98945EPSS
Exploits19References7
RedHat Linux
RedHat Linux
added 2011/06/22 11:14 p.m.6 views

httpd: mod_proxy_ajp worker moved to error state when timeout exceeded

The modproxyajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service worker consumption via an expensive request...

5CVSS5.9AI score0.1747EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2010/10/20 12:0 a.m.5065 views

Apache 2.2.x < 2.2.15 Multiple Vulnerabilities

According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.15. It is, therefore, potentially affected by multiple vulnerabilities : - A TLS renegotiation prefix injection attack is possible. CVE-2009-3555 - The 'modproxyajp' module returns the wrong status cod...

10CVSS7.7AI score0.94248EPSS
Exploits27References8
OSV
OSV
added 2010/03/05 4:30 p.m.3 views

DEBIAN-CVE-2010-0408

The approxyajprequest function in modproxyajp.c in modproxyajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service backend server outage via a crafted request,...

5CVSS7.8AI score0.20787EPSS
Exploits1References1
seebug.org
seebug.org
added 2009/12/28 12:0 a.m.21 views

apache mod-proxy-ajp 2.2.11 信息泄漏漏洞

No description provided by source...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2009/05/20 6:30 p.m.6 views

httpd mod_proxy_ajp information disclosure

modproxyajp.c in the modproxyajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request...

5CVSS7.2AI score0.12383EPSS
Exploits1References4
Rows per page
Query Builder