Lucene search
K

170 matches found

The Hacker News
The Hacker News
added 2020/11/24 2:56 p.m.4 views

Stantinko Botnet Now Targeting Linux Servers to Hide Behind Proxies

An adware and coin-miner botnet targeting Russia, Ukraine, Belarus, and Kazakhstan at least since 2012 has now set its sights on Linux servers to fly under the radar. According to a new analysis published by Intezer today and shared with The Hacker News, the trojan masquerades as HTTPd, a commonl...

5.8AI score
Exploits0
RedHat Linux
RedHat Linux
added 2020/11/04 1:44 a.m.2 views

httpd: limited cross-site scripting in mod_proxy error page

A cross-site scripting vulnerability was found in Apache httpd, affecting the modproxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation...

6.1CVSS7AI score0.81466EPSS
Exploits4References5
RedHat Linux
RedHat Linux
added 2020/09/29 7:26 p.m.4 views

httpd: mod_proxy_ftp use of uninitialized value

A flaw was found in Apache's HTTP server httpd .The modproxyftp module may use uninitialized memory with proxying to a malicious FTP server. The highest threat from this vulnerability is to data confidentiality...

5.3CVSS7.1AI score0.51951EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/04/06 7:9 p.m.3 views

httpd: limited cross-site scripting in mod_proxy error page

A cross-site scripting vulnerability was found in Apache httpd, affecting the modproxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation...

6.1CVSS6.9AI score0.81466EPSS
Exploits4References5
OSV
OSV
added 2019/11/19 4:15 p.m.2 views

DEBIAN-CVE-2011-4968

nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack MITM...

4.8CVSS5.1AI score0.03989EPSS
Exploits1References1
OSV
OSV
added 2019/11/19 4:15 p.m.2 views

UBUNTU-CVE-2011-4968

nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack MITM...

4.8CVSS5.8AI score0.03989EPSS
Exploits1References3
CNVD
CNVD
added 2019/08/16 12:0 a.m.6 views

Apache httpd Cross-Site Scripting Vulnerability

Apache httpd is the U.S. Apache Apache Software Foundation, an open source HTTP server developed and maintained specifically for modern operating systems. A cross-site scripting vulnerability exists in the modproxy error page in Apache httpd, which can be exploited by an attacker to execute...

6.1CVSS7.3AI score0.81466EPSS
Exploits4References1
Wallarm Lab
Wallarm Lab
added 2018/11/28 6:27 p.m.267 views

FAST or Burp or both?

By @aLLy , Wallarm Research Hello guys, time to talk details about Wallarm FAST Framework for Application Security Testing. It’s a new automatic web vulnerability scanning and fuzzing detection tool by Wallarm Inc. It is well suited for security researchers in enterprise Red Teams as well as for...

5CVSS10.4AI score0.81848EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2016/07/06 12:0 a.m.8 views

The vulnerability of the Apache HTTP Server software allows a malicious attacker to compromise the accessibility of protected information.

The vulnerability in the modproxy module of the Apache HTTP Server when reverse proxy is enabled allows malicious actors to cause a service failure by using a specially crafted HTTP Connection header...

4.3CVSS6.6AI score0.35543EPSS
Exploits2References2Affected Software1
OSV
OSV
added 2014/07/23 8:4 p.m.2 views

USN-2299-1 apache2 vulnerabilities

Marek Kroemeke discovered that the modproxy module incorrectly handled certain requests. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS. CVE-2014-0117 Giancarlo Pellegrino and Davide Balzarot...

6.8CVSS6.9AI score0.85744EPSS
Exploits7References5
RedHat Linux
RedHat Linux
added 2014/07/23 10:0 a.m.6 views

httpd: mod_proxy denial of service

A denial of service flaw was found in the modproxy httpd module. A remote attacker could send a specially crafted request to a server configured as a reverse proxy using a threaded Multi-Processing Modules MPM that would cause the httpd child process to crash...

4.3CVSS6.7AI score0.35543EPSS
Exploits2References5
OSV
OSV
added 2014/07/20 11:12 a.m.4 views

DEBIAN-CVE-2014-0117

The modproxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service child-process crash via a crafted HTTP Connection header...

4.3CVSS8.1AI score0.35543EPSS
Exploits2References1
OSV
OSV
added 2013/07/20 3:37 a.m.3 views

DEBIAN-CVE-2013-2070

http/modules/ngxhttpproxymodule.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxypass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service crash and obtain sensitive information from worker process memory via a crafted proxy response, a simila...

5.8CVSS6.6AI score0.11925EPSS
Exploits3References1
Debian CVE
Debian CVE
added 2013/07/18 1:0 a.m.38 views

CVE-2013-2070

http/modules/ngxhttpproxymodule.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxypass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service crash and obtain sensitive information from worker process memory via a crafted proxy response, a simila...

5.8CVSS6AI score0.11925EPSS
Exploits3
seebug.org
seebug.org
added 2013/07/17 12:0 a.m.22 views

Drupal Stage File Proxy模块拒绝服务漏洞

Bugtraq ID:61080 Drupal是使用PHP语言编写的开源内容管理框架,它由内容管理系统和PHP开发框架共同构成 Drupal Stage File Proxy模块存在一个拒绝服务漏洞,允许攻击者长时间重复向服务器提交多次请求,会降低所有文件操作的性能,也可能使得某些文件操作不能使用,造成拒绝服务攻击 0 Drupal Stage File Proxy 7.x-1.x 厂商解决方案 Drupal Stage File Proxy 7.x-1.4已经修复此漏洞,建议用户下载更新: http://drupal.org/project/stagefileproxy...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2012/05/07 6:13 p.m.4 views

httpd: reverse web proxy vulnerability

The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to...

5CVSS6.8AI score0.90734EPSS
Exploits12References5
Tenable Nessus
Tenable Nessus
added 2011/11/18 12:0 a.m.55 views

Apache Tomcat 4.x < 4.1.36 Multiple Vulnerabilities

According to its self-reported version number, the instance of Apache Tomcat 4.x listening on the remote host is prior to 4.1.36. It is, therefore, affected by the following vulnerabilities : - Requests containing multiple 'content-length' headers are not rejected as invalid. This error can allow...

5CVSS5.3AI score0.90768EPSS
Exploits5References4
RedHat Linux
RedHat Linux
added 2010/08/30 12:30 p.m.4 views

httpd: Reverse proxy sends wrong responses after time-outs

modproxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in...

5CVSS6.6AI score0.08284EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2010/08/04 9:30 p.m.7 views

httpd: mod_proxy_http DoS via excessive interim responses from the origin server

A flaw was found in the modproxy module. An attacker who has control of a web server to which requests are being proxied could cause a limited denial of service due to CPU consumption and stack exhaustion. CVE-2008-2364...

5CVSS7AI score0.12714EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2010/07/23 12:0 a.m.7 views

PT-2010-4294 · Apache +1 · Apache Http Server +1

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server version 2.2.9 Description: The issue is related to an information disclosure flaw in the mod proxy component of the Apache HTTP Server. When running on Unix platforms, if a timeout occurs while reading a response from a...

5CVSS5.4AI score0.2187EPSS
Exploits3References29
Rows per page
Query Builder