Lucene search
+L

137 matches found

OSV
OSV
added 2025/07/10 5:15 p.m.4 views

UBUNTU-CVE-2025-23048

In some modssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when modssl is configured for multiple virtual hosts, with each restricted to a different set of...

9.1CVSS7.1AI score0.0097EPSS
Exploits1References6
AlpineLinux
AlpineLinux
added 2025/07/10 4:56 p.m.6 views

CVE-2025-23048

In some modssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when modssl is configured for multiple virtual hosts, with each restricted to a different set of...

9.1CVSS6.5AI score0.0097EPSS
Exploits1
Cvelist
Cvelist
added 2025/07/10 4:56 p.m.93 views

CVE-2025-23048 Apache HTTP Server: mod_ssl access control bypass with session resumption

In some modssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when modssl is configured for multiple virtual hosts, with each restricted to a different set of...

0.0097EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/07/10 4:56 p.m.8 views

CVE-2025-23048 Apache HTTP Server: mod_ssl access control bypass with session resumption

In some modssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when modssl is configured for multiple virtual hosts, with each restricted to a different set of...

6.1AI score0.0097EPSS
Exploits1References1
Hacker One
Hacker One
added 2025/02/06 1:18 p.m.12 views

Internet Bug Bounty: TLS client authentication can be bypassed due to ticket resumption

The TLS client authentication can be bypassed due to ticket resumption. The issue was that TLS session tickets were not properly isolated for multiple virtual hosts in one server. This allowed a ticket issued for one virtual host to be resumed at a different virtual host, circumventing client...

7.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.7 views

PT-2025-54828

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.14 Apache Tomcat versions 10.1.0-M1 through 10.1.49 Apache Tomcat versions 9.0.0-M1 through 9.0.112 Apache Tomcat versions 8.5.0 through 8.5.100 Description Tomcat did not properly validate the hos...

9.1CVSS5.5AI score0.00235EPSS
Exploits0References204
Positive Technologies
Positive Technologies
added 2024/11/25 12:0 a.m.12 views

PT-2025-29117

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.35 through 2.4.63 Description: In certain mod ssl configurations, an access control bypass is possible for trusted clients using TLS 1.3 session resumption. This occurs when mod ssl is configured for multiple...

9.4CVSS7.5AI score0.0097EPSS
Exploits1References222
Tenable Nessus
Tenable Nessus
added 2024/11/20 12:0 a.m.8 views

Virtual Hosts Detected

This is an informational plugin to inform the user that the scanner detected the presence of one or multiple virtual hosts on the target server. No source data...

7.3AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/05/30 8:0 p.m.18 views

ExtJS JavaScript framework used in TYPO3 vulnerable to Cross-site Scripting

Failing to properly validate the HTTP host-header TYPO3 CMS is susceptible to host spoofing. TYPO3 uses the HTTP host-header to generate absolute URLs in several places like 404 handling, https enforcement, password reset links and many more. Since the host header itself is provided by the client...

7.2AI score
Exploits0References8Affected Software1
OSV
OSV
added 2024/05/30 8:0 p.m.15 views

GHSA-MXJF-HC9V-XGV2 ExtJS JavaScript framework used in TYPO3 vulnerable to Cross-site Scripting

Failing to properly validate the HTTP host-header TYPO3 CMS is susceptible to host spoofing. TYPO3 uses the HTTP host-header to generate absolute URLs in several places like 404 handling, https enforcement, password reset links and many more. Since the host header itself is provided by the client...

6.1CVSS7.2AI score
Exploits0References8
OSV
OSV
added 2024/03/06 11:10 a.m.35 views

BIT-TYPO3-2021-41114

TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute URLs during the...

5.3CVSS5AI score0.0116EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2023/07/17 10:21 p.m.517 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Imagemagick

auto-cve-2022-44268 Automating expl...

6.5CVSS6.8AI score0.89855EPSS
Exploits28
SUSE CVE
SUSE CVE
added 2023/02/15 6:4 a.m.5 views

SUSE CVE-2009-0754

PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.funcoverload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server...

2.1CVSS6.7AI score0.00948EPSS
Exploits2References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:28 a.m.6 views

SUSE CVE-2018-10847

prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a user session remained the same across stream restarts. A user may authenticate to XMPP host A and migrate their authenticated session to XMPP host B of...

8.8CVSS6.8AI score0.01657EPSS
Exploits0References5
OSV
OSV
added 2022/05/24 5:1 p.m.33 views

GHSA-9PF7-F47Q-MWPQ Cross-site Scripting in RabbitMQ

Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious use...

3.5CVSS4.5AI score0.00796EPSS
Exploits0References4
OSV
OSV
added 2021/12/20 8:15 p.m.3 views

CVE-2021-43437

In sourcecodetester Engineers Online Portal as of 10-21-21, an attacker can manipulate the Host header as seen by the web application and cause the application to behave in unexpected ways. Very often multiple websites are hosted on the same IP address. This is where the Host Header comes in. Thi...

8.8CVSS7.4AI score0.01227EPSS
Exploits0References2
Oracle linux
Oracle linux
added 2021/11/18 12:0 a.m.119 views

httpd:2.4 security update

httpd 2.4.37-43.0.1 - Set vstring per ORACLESUPPORTPRODUCT Orabug: 29892262 - Replace index.html with Oracle's index page oracleindex.html. 2.4.37-43 - Related: 2007235 - CVE-2021-40438 httpd:2.4/httpd: modproxy: SSRF via a crafted request uri-path 2.4.37-42 - Resolves: 2007235 - CVE-2021-40438...

10CVSS9.2AI score0.99999EPSS
Exploits7
Oracle linux
Oracle linux
added 2021/11/16 12:0 a.m.77 views

httpd:2.4 security, bug fix, and enhancement update

httpd 2.4.37-41.0.1 - Add checks on the configured UDS path Orabug: 33412270CVE-2021-40438 - Set vstring per ORACLESUPPORTPRODUCT Orabug: 29892262 - Replace index.html with Oracles index page oracleindex.html 2.4.37-41 - Resolves: 1680111 - httpd sends reply to HTTPS GET using two TLS records -...

9CVSS7.8AI score0.99999EPSS
Exploits7
Github Security Blog
Github Security Blog
added 2021/10/05 8:23 p.m.65 views

HTTP Host Header Injection

Meta CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:F/RL:O/RC:C 3.5 Problem It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute URLs during the frontend...

5.3CVSS1.2AI score0.0116EPSS
Exploits0References8Affected Software2
Typo3
Typo3
added 2021/10/05 12:0 a.m.107 views

HTTP Host Header Injection in Request Handling

It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute URLs during the frontend rendering process. Since the host header itself is provided by the client, it can b...

5CVSS0.6AI score0.02662EPSS
Exploits0Affected Software1
Rows per page
Query Builder