
301 matches found

CNNVD
added 2021/09/16 12:0 a.m. · 2 views

Apache HTTP Server Buffer Error Vulnerability

Apache HTTP Server is an open source web server from the Apache Foundation. Apache HTTP Server versions 2.4.30 to 2.4.48 contain a denial-of-service vulnerability that stems from a network system or product that does not properly validate incoming data. An attacker could exploit this vulnerabilit...

CVSS 7.5 · AI score 7.9 · EPSS 0.04687
Exploits 0 · References 50
Positive Technologies
added 2021/09/16 12:0 a.m. · 10 views

PT-2021-1392

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.48 and earlier. Description: A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue is related to insufficient validation of incoming...

CVSS 10 · AI score 9 · EPSS 0.94432
Exploits 6 · References 162
Microsoft CVE
added 2021/08/25 7:0 a.m. · 3 views

Request splitting via HTTP/2 method injection and mod_proxy

...

CVSS 7.5 · AI score 5.1 · EPSS 0.00609
Exploits 1
BDU FSTEC
added 2021/08/25 12:0 a.m. · 1 view

The vulnerability of the mod_proxy httpd daemon in the Apache HTTP Server allows a hacker to send hidden HTTP requests (HTTP Request Smuggling attack).

The vulnerability of the mod_proxy module in the Apache HTTP Server is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to send hidden HTTP requests remotely (HTTP Request Smuggling attack)...

CVSS 5.8 · AI score 6.5 · EPSS 0.00609
Exploits 1 · References 23 · Affected Software 7
OSV
added 2021/08/16 8:15 a.m. · 3 views

DEBIAN-CVE-2021-33193

A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48...

CVSS 7.5 · AI score 6.2 · EPSS 0.00609
Exploits 1 · References 1
CNNVD
added 2021/08/16 12:0 a.m. · 3 views

Apache HTTP Server Security Vulnerability

Apache HTTP Server is an open source web server from the Apache Foundation of the United States. The server is fast, reliable, and extensible through a simple API. A security vulnerability exists in Apache HTTP Server versions 2.4.17 through 2.4.48, which can be exploited to bypass authentication...

CVSS 7.5 · AI score 7.1 · EPSS 0.00609
Exploits 1 · References 38
OSV
added 2021/06/21 2:1 p.m. · 1 view

USN-4994-1 apache2 vulnerabilities

Marc Stern discovered that the Apache mod_proxy_http module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. CVE-2020-13950...

CVSS 9.8 · AI score 7 · EPSS 0.5815
Exploits 0 · References 6
Microsoft CVE
added 2021/06/17 7:0 a.m. · 2 views

mod_proxy_http NULL pointer dereference

...

CVSS 7.5 · AI score 7 · EPSS 0.17576
Exploits 0
Microsoft CVE
added 2021/06/17 7:0 a.m. · 3 views

mod_proxy_wstunnel tunneling of non Upgraded connections

...

CVSS 5.3 · AI score 7 · EPSS 0.08635
Exploits 0
OSV
added 2021/06/10 7:15 a.m. · 2 views

ALPINE-CVE-2020-13950

Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service...

CVSS 7.5 · AI score 6.9 · EPSS 0.17576
Exploits 0 · References 1
OSV
added 2021/06/10 7:15 a.m. · 2 views

DEBIAN-CVE-2019-17567

Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authenticati...

CVSS 5.3 · AI score 6.7 · EPSS 0.08635
Exploits 0 · References 1
OSV
added 2021/06/10 7:15 a.m. · 2 views

DEBIAN-CVE-2020-13950

Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service...

CVSS 7.5 · AI score 7.5 · EPSS 0.17576
Exploits 0 · References 1
OSV
added 2021/06/10 7:15 a.m. · 4 views

UBUNTU-CVE-2019-17567

Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authenticati...

CVSS 5.3 · AI score 6.8 · EPSS 0.08635
Exploits 0 · References 5
Positive Technologies
added 2021/05/11 12:0 a.m. · 8 views

PT-2021-3858 · Apache +9 · Apache Http Server +9

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.17 through 2.4.48. Description: A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue is related to...

CVSS 10 · AI score 7.9 · EPSS 0.94461
Exploits 229 · References 272
Gitee
added 2021/04/29 9:43 p.m. · 53 views

Exploit for Cross-site Scripting in Apache Http_Server

This is a PoC exploit for CVE-2019-10092, a Limited Cross-Site Scripting in mod_proxy Error Page-Apache httpd vulnerability. The target product/service is Apache HTTP Server, and the vulnerability class/vector is XSS. The probable entry points are the start.sh script, which invokes the Apache serv...

CVSS 6.1 · AI score 7.2 · EPSS 0.82379
Exploits 4
Positive Technologies
added 2021/04/26 12:0 a.m. · 9 views

PT-2021-5273 · Apache +10 · Apache Http Server +10

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.30 through 2.4.48. Description: A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash, resulting in a denial of service (DoS). The issue is related to the mod...

CVSS 10 · AI score 8.5 · EPSS 0.94461
Exploits 229 · References 271
BDU FSTEC
added 2020/11/17 12:0 a.m. · 2 views

The vulnerability of the mod_proxy_uwsgi module in the Apache HTTP Server allows a hacker to gain unauthorized access to protected information, execute arbitrary code, or cause a denial-of-service attack.

The vulnerability of the mod_proxy_uwsgi module in the Apache HTTP Server is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to protected information, execute arbitrar...

CVSS 10 · AI score 7.2 · EPSS 0.7629
Exploits 2 · References 13 · Affected Software 12
Microsoft CVE
added 2020/08/18 7:0 a.m. · 3 views

Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE

...

CVSS 9.8 · AI score 7 · EPSS 0.7629
Exploits 2
OSV
added 2020/08/07 4:15 p.m. · 2 views

DEBIAN-CVE-2020-11984

Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE...

CVSS 9.8 · AI score 6.6 · EPSS 0.7629
Exploits 2 · References 1
OSV
added 2020/04/21 8:5 a.m. · 23 views

SUSE-SU-2020:14342-1 Security update for apache2

This update for apache2 fixes the following issues:
- CVE-2020-1934: mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server (bsc#1168404).
- CVE-2020-1938: mod_proxy_ajp: Add 'secret' parameter to proxy workers to implement legacy AJP13 authentication (bsc#1169066)...

CVSS 9.8 · AI score 7.7 · EPSS 0.94469
Exploits 44 · References 5