391 matches found
CLSA-2023-1679000716 httpd: Fix of 2 CVEs
CVE-2023-25690: HTTP request splitting with modrewrite and modproxy - CVE-2023-27522: modproxyuwsgi: HTTP response splitting...
CLSA-2023-1679000442 httpd: Fix of 2 CVEs
CVE-2023-25690: HTTP request splitting with modrewrite and modproxy - CVE-2023-27522: modproxyuwsgi: HTTP response splitting...
SUSE-SU-2023:0764-1 Security update for apache2
This update for apache2 fixes the following issues: - CVE-2023-27522: Fixed HTTP response splitting in modproxyuwsgi bsc1209049. - CVE-2023-25690: Fixed HTTP request splitting with modrewrite and modproxy bsc1209047. The following non-security bugs were fixed: - Fixed passing health check does no...
Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy
...
PT-2023-12907 · Undefined · Undefined
Apache HTTP Server fixes two HTTP request splitting CVE-2022-27522 & CVE-2023-25690 flaws https://securityonline.info/cve-2022-27522-cve-2023-25690-apache-http-server-vulnerability/...
CVE-2023-25690
Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...
K94828628: Apache mod_proxy HTTP/2 vulnerability CVE-2021-33193
Security Advisory Description A crafted method sent through HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48. CVE-2021-33193 Impact There is no impact; F5 products are not...
SUSE CVE-2005-2703
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting...
SUSE CVE-2006-5330
CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks vi...
SUSE CVE-2007-2292
CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF %0a bytes in the username attribute...
SUSE CVE-2007-6245
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks...
SUSE CVE-2020-10109
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request...
SUSE CVE-2020-15811
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the...
SUSE CVE-2021-33193
A crafted method sent through HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48...
Security Bulletin: IBM Aspera Orchestrator affected by HTTP request splitting attack due to Apache HTTP Server vulnerability (CVE-2021-33193)
Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2021-33193 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request splitting attacks, caused by improper input validation in HTTP/2 message processing. A remote attacker...
Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud Transformation Advisor
Summary IBM Cloud Transformation Advisor has addressed the following vulnerabilities. CVE-2018-12122, CVE-2018-12121, CVE-2018-12123 Vulnerability Details CVEID: CVE-2018-12122 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by improper validation of HTTP headers. By sending...
httpd: Request splitting via HTTP/2 method injection and mod_proxy
A NULL pointer dereference was found in Apache httpd modh2. The highest threat from this flaw is to system integrity...
httpd: Request splitting via HTTP/2 method injection and mod_proxy
A NULL pointer dereference was found in Apache httpd modh2. The highest threat from this flaw is to system integrity...
Debian: Security Advisory (DLA-3000-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 8 : httpd:2.4 (RHSA-2022:1915)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1915 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Request splittin...