15 matches found
Important: httpd:2.4 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase (CVE-2025-53020); httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data (CVE-2026-34059); httpd:...
EUVD-2023-1844
Malicious code in bioql PyPI...
Trellix: Unauthenticated Path Traversal and Command Injection in Trellix Enterprise Security Manager 11.6.10
A critical vulnerability was identified in Trellix Enterprise Security Manager (ESM) version 11.6.10. The vulnerability allowed unauthenticated access to internal API endpoints through path traversal and enabled remote code execution via command injection. The issue stemmed from insecure AJP proxy...
BIT-TOMCAT-2023-34981 Apache Tomcat: AJP response header mix-up
A regression in the fix for bug 66512 in Apache Tomcat 11.0.0, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers, no AJP SEND_HEADERS message would be sent for the response, which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers...
Apache Tomcat 8.5.88 Information Disclosure
The version of Apache Tomcat installed on the remote host is 8.5.88, 9.0.74, 10.1.8 or 11.0.0-M5. The fix for bug 66512 introduced a regression that was fixed as bug 66591. The regression meant that, if a response did not have any HTTP headers set, no AJP SEND_HEADERS message would be sent which i...
Apache Tomcat 9.0.74 Information Disclosure
The version of Apache Tomcat installed on the remote host is 8.5.88, 9.0.74, 10.1.8 or 11.0.0-M5. The fix for bug 66512 introduced a regression that was fixed as bug 66591. The regression meant that, if a response did not have any HTTP headers set, no AJP SEND_HEADERS message would be sent which i...
K000135223: Apache Tomcat vulnerability CVE-2023-34981
Security Advisory Description: A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers, no AJP SEND_HEADERS message would be sent for the response, which in turn meant that at least one AJP proxy (mod_proxy_aj...
CVE-2023-34981
A flaw was found in Tomcat. If a response did not have any HTTP headers set, no AJP SEND_HEADERS message would be sent, resulting in at least one AJP-based proxy (mod_proxy_ajp) using the response headers from the previous request for the current request, leading to an information leak. The informatio...
Apache Tomcat vulnerable to information leak
A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers, no AJP SEND_HEADERS message would be sent for the response, which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response heade...
CVE-2023-34981
A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers, no AJP SEND_HEADERS message would be sent for the response, which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response heade...
Apache Tomcat 11.0.0-M1 < 11.0.0-M6
The version of Tomcat installed on the remote host is prior to 11.0.0-M6. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_11.0.0-m6_security-11 advisory. - A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, ...
Apache Tomcat 10.1.0 < 10.1.9
The version of Tomcat installed on the remote host is prior to 10.1.9. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_10.1.9_security-10 advisory. - A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a...
Apache Tomcat 9.0.0 < 9.0.75
The version of Tomcat installed on the remote host is prior to 9.0.75. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_9.0.75_security-9 advisory. - A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a...
Fixed in Apache Tomcat 9.0.75
Important: Information disclosure (CVE-2023-34981). The fix for bug 66512 introduced a regression that was fixed as bug 66591. The regression meant that, if a response did not have any HTTP headers set, no AJP SEND_HEADERS message would be sent which in turn meant that at least one AJP based proxy...
GLSA-200907-04 : Apache: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200907-04 Apache: Multiple vulnerabilities Multiple vulnerabilities have been discovered in the Apache HTTP server: Jonathan Peatfield reported that the 'Options=IncludesNoEXEC' argument to the 'AllowOverride' directive is not...