Lucene search
K

81 matches found

NVD
NVD
added 2025/04/28 8:15 p.m.70 views

CVE-2025-31651

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those...

9.8CVSS0.0418EPSS
Exploits1References3
OSV
OSV
added 2025/04/28 8:15 p.m.6 views

DEBIAN-CVE-2025-31651

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those...

9.8CVSS7.3AI score0.0418EPSS
Exploits1References1
OSV
OSV
added 2025/04/28 8:15 p.m.2 views

UBUNTU-CVE-2025-31651

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those...

9.8CVSS6.9AI score0.0418EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/04/28 7:17 p.m.88 views

CVE-2025-31651 Apache Tomcat: Bypass of rules in Rewrite Valve

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those...

0.0418EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2025/04/08 6:24 a.m.231 views

Exploit for Improper Encoding or Escaping of Output in Apache Tomcat

CVE-2025-31651 For a subset of unlikely rewrite rule configura...

9.8CVSS7.2AI score0.0418EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2025/04/08 12:0 a.m.9 views

PT-2025-18103

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.5 Apache Tomcat versions 10.1.0-M1 through 10.1.39 Apache Tomcat versions 9.0.0.M1 through 9.0.102 Description The issue is related to the improper neutralization of escape, meta, or control...

10CVSS8AI score0.0418EPSS
Exploits1References166
RedHat Linux
RedHat Linux
added 2024/08/13 1:18 p.m.5 views

httpd: Potential SSRF in mod_rewrite

A flaw was found in the modrewrite module of httpd. A potential SSRF allows an attacker to cause unsafe rules used in the RewriteRule directive to unexpectedly set up URLs to be handled by the modproxy module...

7.5CVSS7AI score0.35447EPSS
Exploits0References5
OSV
OSV
added 2024/07/19 11:8 a.m.3 views

OESA-2024-1853 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Substitution encoding issue in modrewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or...

9.8CVSS7AI score0.03153EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2024/07/19 3:51 a.m.1730 views

Exploit for Exposure of Resource to Wrong Sphere in Apache Http_Server

🚨Alert🚨Apache Vulnerability 🚨Alert🚨Security Advisory: CVE-2024...

9.1CVSS6.6AI score0.04134EPSS
Exploits5
OSV
OSV
added 2024/07/12 11:8 a.m.7 views

OESA-2024-1830 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not...

9.1CVSS7.5AI score0.99957EPSS
Exploits1References3
CNVD
CNVD
added 2024/07/05 12:0 a.m.104 views

Apache HTTP Server Input Validation Error Vulnerability (CNVD-2024-36390)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An input validation error vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to cause insecure...

7.5CVSS7.9AI score0.35447EPSS
Exploits0References1
OSV
OSV
added 2024/07/01 7:15 p.m.3 views

ALPINE-CVE-2024-39573

Potential SSRF in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by modproxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

7.5CVSS6.8AI score0.35447EPSS
Exploits0References1
OSV
OSV
added 2024/07/01 7:15 p.m.1 views

DEBIAN-CVE-2024-39573

Potential SSRF in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by modproxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

7.5CVSS6.2AI score0.35447EPSS
Exploits0References1
OSV
OSV
added 2024/07/01 7:15 p.m.6 views

UBUNTU-CVE-2024-39573

Potential SSRF in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by modproxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

7.5CVSS6.6AI score0.35447EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2024/07/01 6:15 p.m.55 views

CVE-2024-38475

Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure...

9.1CVSS9.9AI score0.99957EPSS
Exploits1
CNNVD
CNNVD
added 2024/07/01 12:0 a.m.3 views

Apache HTTP Server 输入验证错误漏洞

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An input validation error vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to cause insecure...

7.5CVSS6.7AI score0.35447EPSS
Exploits0References3
Veracode
Veracode
added 2024/05/24 5:38 a.m.7 views

Access Bypass

ezsystems/ezplatform is vulnerable to Access Bypass. The vulnerability is due to inadequate rewrite rules for blocking access to executable files in the var directory when using eZ Platform Cloud on Platform.sh...

7AI score
Exploits0
OSV
OSV
added 2024/05/15 9:18 p.m.7 views

GHSA-QHJC-HG94-245V eZ Platform Prevent accepting app.php in URL in Platform.sh

The recommended rewrite rules in eZ Platform prevent users from including the front-controller script normally "app.php" in URLs. This prevents certain vulnerabilities related to caching. However, this is not possible when using eZ Platform Cloud i.e. running eZ Platform on the Platform.sh cloud...

7.2AI score
Exploits0References4
OSV
OSV
added 2023/03/17 11:5 a.m.9 views

OESA-2023-1161 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: HTTP Response Smuggling vulnerability in Apache HTTP Server via modproxyuwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can...

9.8CVSS9.2AI score0.8377EPSS
Exploits5References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:39 a.m.4 views

SUSE CVE-2013-1912

Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote attackers to cause a denial of service crash and possibly execute...

5.1CVSS8.1AI score0.05464EPSS
Exploits0References3
Rows per page
Query Builder