EulerOS 2.0 SP9 : httpd (EulerOS-SA-2022-2320)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to...

EulerOS 2.0 SP9 : httpd (EulerOS-SA-2022-2291)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to...

Amazon Linux 2022 : httpd, httpd-core, httpd-devel (ALAS2022-2022-110)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-110 advisory. An HTTP request smuggling vulnerability was found in the modproxyajp module of httpd. This flaw allows an attacker to smuggle requests to the AJP server, where it forwards requests...

EulerOS 2.0 SP8 : httpd (EulerOS-SA-2022-2222)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to...

EulerOS 2.0 SP5 : httpd (EulerOS-SA-2022-2270)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to...

SUSE SLED15 / SLES15 Security Update : apache2 (SUSE-SU-2022:2342-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2342-1 advisory. - Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache...

SUSE SLES15 Security Update : apache2 (SUSE-SU-2022:2338-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2338-1 advisory. - Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows a...

Amazon Linux AMI : httpd24 (ALAS-2022-1607)

The version of httpd24 installed on the remote host is prior to 2.4.54-1.98. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1607 advisory. An HTTP request smuggling vulnerability was found in the modproxyajp module of httpd. This flaw allows an attacker to...

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : Apache HTTP Server vulnerabilities (USN-5487-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5487-1 advisory. It was discovered that Apache HTTP Server modproxyajp incorrectly handled certain crafted request. A remote attacker...

SUSE SLES12 Security Update : apache2 (SUSE-SU-2022:2101-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2101-1 advisory. - Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows a...

Apache 2.4.x < 2.4.54 Multiple Vulnerabilities

According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.54. It is, therefore, affected by multiple vulnerabilities: - Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker...

CVE-2022-28614

The aprwrite function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using aprwrite or aprputs, such as with modluas r:puts function. Modules compiled and distributed separately from Apache HTTP Server that use t...

ALPINE-CVE-2022-28614

The aprwrite function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using aprwrite or aprputs, such as with modluas r:puts function. Modules compiled and distributed separately from Apache HTTP Server that use t...

CVE-2022-28614

The aprwrite function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using aprwrite or aprputs, such as with modluas r:puts function. Modules compiled and distributed separately from Apache HTTP Server that use t...

Design/Logic Flaw

The aprwrite function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using aprwrite or aprputs, such as with modluas r:puts function. Modules compiled and distributed separately from Apache HTTP Server that use t...

UBUNTU-CVE-2022-28614

The aprwrite function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using aprwrite or aprputs, such as with modluas r:puts function. Modules compiled and distributed separately from Apache HTTP Server that use t...

FreeBSD : Apache httpd -- Multiple vulnerabilities (49adfbe5-e7d1-11ec-8fbd-d4c9ef517024)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 49adfbe5-e7d1-11ec-8fbd-d4c9ef517024 advisory. - Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in...

Internet Bug Bounty: Read beyond bounds via ap_rwrite() [zhbug_httpd_47.2]

Greetings. I have found that aprwrite /server/protocol.c can cause a read beyond bounds with the extra data sent to an attacker. The bug is that aprwrite passes its |int nbyte| argument to bufferoutput, where bufferoutput's corresponding |len| argument isa |aprsizet|. Thus, a negative |nbyte| val...

CVE-2022-28614 read beyond bounds via ap_rwrite()

The aprwrite function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using aprwrite or aprputs, such as with modluas r:puts function. Modules compiled and distributed separately from Apache HTTP Server that use t...