170 matches found
Stantinko Botnet Now Targeting Linux Servers to Hide Behind Proxies
An adware and coin-miner botnet targeting Russia, Ukraine, Belarus, and Kazakhstan at least since 2012 has now set its sights on Linux servers to fly under the radar. According to a new analysis published by Intezer today and shared with The Hacker News, the trojan masquerades as HTTPd, a commonl...
httpd: limited cross-site scripting in mod_proxy error page
A cross-site scripting vulnerability was found in Apache httpd, affecting the modproxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation...
httpd: mod_proxy_ftp use of uninitialized value
A flaw was found in Apache's HTTP server httpd .The modproxyftp module may use uninitialized memory with proxying to a malicious FTP server. The highest threat from this vulnerability is to data confidentiality...
httpd: limited cross-site scripting in mod_proxy error page
A cross-site scripting vulnerability was found in Apache httpd, affecting the modproxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation...
DEBIAN-CVE-2011-4968
nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack MITM...
UBUNTU-CVE-2011-4968
nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack MITM...
Apache httpd Cross-Site Scripting Vulnerability
Apache httpd is the U.S. Apache Apache Software Foundation, an open source HTTP server developed and maintained specifically for modern operating systems. A cross-site scripting vulnerability exists in the modproxy error page in Apache httpd, which can be exploited by an attacker to execute...
FAST or Burp or both?
By @aLLy , Wallarm Research Hello guys, time to talk details about Wallarm FAST Framework for Application Security Testing. It’s a new automatic web vulnerability scanning and fuzzing detection tool by Wallarm Inc. It is well suited for security researchers in enterprise Red Teams as well as for...
The vulnerability of the Apache HTTP Server software allows a malicious attacker to compromise the accessibility of protected information.
The vulnerability in the modproxy module of the Apache HTTP Server when reverse proxy is enabled allows malicious actors to cause a service failure by using a specially crafted HTTP Connection header...
USN-2299-1 apache2 vulnerabilities
Marek Kroemeke discovered that the modproxy module incorrectly handled certain requests. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS. CVE-2014-0117 Giancarlo Pellegrino and Davide Balzarot...
httpd: mod_proxy denial of service
A denial of service flaw was found in the modproxy httpd module. A remote attacker could send a specially crafted request to a server configured as a reverse proxy using a threaded Multi-Processing Modules MPM that would cause the httpd child process to crash...
DEBIAN-CVE-2014-0117
The modproxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service child-process crash via a crafted HTTP Connection header...
DEBIAN-CVE-2013-2070
http/modules/ngxhttpproxymodule.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxypass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service crash and obtain sensitive information from worker process memory via a crafted proxy response, a simila...
CVE-2013-2070
http/modules/ngxhttpproxymodule.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxypass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service crash and obtain sensitive information from worker process memory via a crafted proxy response, a simila...
Drupal Stage File Proxy模块拒绝服务漏洞
Bugtraq ID:61080 Drupal是使用PHP语言编写的开源内容管理框架,它由内容管理系统和PHP开发框架共同构成 Drupal Stage File Proxy模块存在一个拒绝服务漏洞,允许攻击者长时间重复向服务器提交多次请求,会降低所有文件操作的性能,也可能使得某些文件操作不能使用,造成拒绝服务攻击 0 Drupal Stage File Proxy 7.x-1.x 厂商解决方案 Drupal Stage File Proxy 7.x-1.4已经修复此漏洞,建议用户下载更新: http://drupal.org/project/stagefileproxy...
httpd: reverse web proxy vulnerability
The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to...
Apache Tomcat 4.x < 4.1.36 Multiple Vulnerabilities
According to its self-reported version number, the instance of Apache Tomcat 4.x listening on the remote host is prior to 4.1.36. It is, therefore, affected by the following vulnerabilities : - Requests containing multiple 'content-length' headers are not rejected as invalid. This error can allow...
httpd: Reverse proxy sends wrong responses after time-outs
modproxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in...
httpd: mod_proxy_http DoS via excessive interim responses from the origin server
A flaw was found in the modproxy module. An attacker who has control of a web server to which requests are being proxied could cause a limited denial of service due to CPU consumption and stack exhaustion. CVE-2008-2364...
PT-2010-4294 · Apache +1 · Apache Http Server +1
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server version 2.2.9 Description: The issue is related to an information disclosure flaw in the mod proxy component of the Apache HTTP Server. When running on Unix platforms, if a timeout occurs while reading a response from a...