SUSE SLES12 Security Update : apache2 (SUSE-SU-2023:0803-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0803-1 advisory. - Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are...

SUSE SLES12 Security Update : apache2 (SUSE-SU-2023:0764-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0764-1 advisory. - Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack...

HTTP Request Smuggling

apache2 is vulnerable to HTTP Request Smuggling. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch and a non-specific pattern matches some portion of the user-supplied request-target data and is then re-inserted into the proxied...

CVE-2023-25690

A vulnerability was found in httpd. This security issue occurs when some modproxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern...

CVE-2023-25690

CVE-2023-25690 concerns Apache HTTP Server 2.4.0–2.4.55 with mod_proxy enabled when combined with certain RewriteRule or ProxyPassMatch patterns that re-insert user-supplied URL data into the proxied request-target via variable substitution. The underlying flaw enables HTTP request smuggling thro...

CVE-2023-25690 Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy

Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...

CVE-2023-25690

Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...

CVE-2023-25690

Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...

Information Disclosure

httpd is vulnerable to information disclosure. The vulnerability exists as it was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-2249)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability of the RewriteRule module in the Apache web server, related to the use of incorrect URL names, allows attackers to access sensitive data.

The vulnerability of the RewriteRule module in the Apache web server is related to incorrect processing of requests that contain several slash characters /. Exploiting this vulnerability allows an attacker who operates remotely to gain access to confidential data...

EulerOS 2.0 SP8 : httpd (EulerOS-SA-2019-2080)

According to the version of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/',...

ALPINE-CVE-2019-0220

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/', directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing wi...

DEBIAN-CVE-2019-0220

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/', directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing wi...

Path traversal

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/', directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing wi...

CVE-2019-0220

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/', directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing wi...

Amazon Linux AMI : httpd (ALAS-2011-9)

It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connec...

Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11154/info Apache 2.x modssl is reported prone to a remote denial of service vulnerability. This issue likely exists because the application fails to handle exceptional conditions. The vulnerability originates in the...

Apache module mod_rewrite LDAP protocol Buffer Overflow

No description provided by source. $Id: apachemodrewriteldap.rb 8498 2010-02-15 00:48:03Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms ...

openSUSE Security Update : apache2 (openSUSE-SU-2012:0212-1)

This update fixes several security issues in the Apache2 webserver. CVE-2011-3368, CVE-2011-4317: This update also includes several fixes for a modproxy reverse exposure via RewriteRule or ProxyPassMatch directives. CVE-2011-3607: Integer overflow in appregsub function resulting in a heap based...