3 matches found
MiracleLinux 7 : httpd-2.4.6-97.1.0.1.el7.AXS7 (AXSA:2021-2480:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2480:01 advisory. httpd: modproxy: SSRF via a crafted request uri-path containing unix: CVE-2021-40438 Tenable has extracted the preceding description block directly from the...
EulerOS 2.0 SP11 : httpd (EulerOS-SA-2025-2196)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In some modssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacke...
CVE-2024-32964 lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability
Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Prior to 0.150.6, lobe-chat had an unauthorized Server-Side Request Forgery vulnerability in the /api/proxy endpoint. An attacker can construct malicious requests to cause...