Lucene search
+L

391 matches found

OSV
OSV
added 2023/03/16 9:5 p.m.8 views

CLSA-2023-1679000716 httpd: Fix of 2 CVEs

CVE-2023-25690: HTTP request splitting with modrewrite and modproxy - CVE-2023-27522: modproxyuwsgi: HTTP response splitting...

9.8CVSS6.8AI score0.8377EPSS
Exploits5References1
OSV
OSV
added 2023/03/16 9:0 p.m.11 views

CLSA-2023-1679000442 httpd: Fix of 2 CVEs

CVE-2023-25690: HTTP request splitting with modrewrite and modproxy - CVE-2023-27522: modproxyuwsgi: HTTP response splitting...

9.8CVSS6.8AI score0.8377EPSS
Exploits5References1
OSV
OSV
added 2023/03/16 11:14 a.m.26 views

SUSE-SU-2023:0764-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2023-27522: Fixed HTTP response splitting in modproxyuwsgi bsc1209049. - CVE-2023-25690: Fixed HTTP request splitting with modrewrite and modproxy bsc1209047. The following non-security bugs were fixed: - Fixed passing health check does no...

9.8CVSS8.8AI score0.8377EPSS
Exploits5References7
Microsoft CVE
Microsoft CVE
added 2023/03/14 7:0 a.m.8 views

Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy

...

9.8CVSS6.9AI score0.8377EPSS
Exploits5
Positive Technologies
Positive Technologies
added 2023/03/08 12:0 a.m.11 views

PT-2023-12907 · Undefined · Undefined

Apache HTTP Server fixes two HTTP request splitting CVE-2022-27522 & CVE-2023-25690 flaws https://securityonline.info/cve-2022-27522-cve-2023-25690-apache-http-server-vulnerability/...

9.8CVSS6.9AI score0.8377EPSS
Exploits5References1
Debian CVE
Debian CVE
added 2023/03/07 3:9 p.m.156 views

CVE-2023-25690

Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...

9.8CVSS7AI score0.8377EPSS
Exploits5
F5 Networks
F5 Networks
added 2023/02/21 6:53 p.m.138 views

K94828628: Apache mod_proxy HTTP/2 vulnerability CVE-2021-33193

Security Advisory Description A crafted method sent through HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48. CVE-2021-33193 Impact There is no impact; F5 products are not...

7.5CVSS6.3AI score0.46179EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2023/02/15 6:17 a.m.4 views

SUSE CVE-2005-2703

Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting...

5CVSS7.1AI score0.01789EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:14 a.m.5 views

SUSE CVE-2006-5330

CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks vi...

5CVSS7.4AI score0.23148EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:12 a.m.3 views

SUSE CVE-2007-2292

CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF %0a bytes in the username attribute...

4.3CVSS8.9AI score0.12736EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:9 a.m.4 views

SUSE CVE-2007-6245

Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks...

5.8CVSS7AI score0.04705EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:0 a.m.2 views

SUSE CVE-2020-10109

In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request...

7.5CVSS7.8AI score0.03208EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:56 a.m.4 views

SUSE CVE-2020-15811

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the...

9.6CVSS6.8AI score0.04235EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/02/15 3:40 a.m.4 views

SUSE CVE-2021-33193

A crafted method sent through HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48...

9.1CVSS7AI score0.46179EPSS
Exploits1References9
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/02 8:39 p.m.47 views

Security Bulletin: IBM Aspera Orchestrator affected by HTTP request splitting attack due to Apache HTTP Server vulnerability (CVE-2021-33193)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2021-33193 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request splitting attacks, caused by improper input validation in HTTP/2 message processing. A remote attacker...

7.5CVSS7.5AI score0.46179EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/05 7:0 p.m.38 views

Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud Transformation Advisor

Summary IBM Cloud Transformation Advisor has addressed the following vulnerabilities. CVE-2018-12122, CVE-2018-12121, CVE-2018-12123 Vulnerability Details CVEID: CVE-2018-12122 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by improper validation of HTTP headers. By sending...

7.5CVSS6.7AI score0.41288EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2022/10/26 8:15 p.m.8 views

httpd: Request splitting via HTTP/2 method injection and mod_proxy

A NULL pointer dereference was found in Apache httpd modh2. The highest threat from this flaw is to system integrity...

7.5CVSS7.1AI score0.46179EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2022/10/26 8:5 p.m.11 views

httpd: Request splitting via HTTP/2 method injection and mod_proxy

A NULL pointer dereference was found in Apache httpd modh2. The highest threat from this flaw is to system integrity...

7.5CVSS7.1AI score0.46179EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2022/05/13 12:0 a.m.23 views

Debian: Security Advisory (DLA-3000-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2CVSS7.8AI score0.02714EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2022/05/11 12:0 a.m.245 views

RHEL 8 : httpd:2.4 (RHSA-2022:1915)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1915 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Request splittin...

8.2CVSS7.6AI score0.82295EPSS
Exploits1References14
Rows per page
Query Builder