
5762 matches found

Cvelist
added 2021/08/16 12:0 a.m. · 75 views

CVE-2021-33193 Request splitting via HTTP/2 method injection and mod_proxy

A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48...

8 AI score · 0.46179 EPSS
Exploits 1 · References 13
Debian CVE
added 2021/08/16 12:0 a.m. · 74 views

CVE-2021-33193

A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48...

7.5 CVSS · 6.2 AI score · 0.46179 EPSS
Exploits 1
AlpineLinux
added 2021/08/16 12:0 a.m. · 50 views

CVE-2021-33193

A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48...

7.5 CVSS · 8 AI score · 0.46179 EPSS
Exploits 1
Gitee
added 2021/08/15 11:58 p.m. · 21 views

Exploit for Improper Encoding or Escaping of Output in F5 Nginx

This is an open-source collection of vulnerable web applications and environments for security testing and education. The repository is maintained by phith0n and is available on GitHub. It contains a variety of vulnerable applications, including web servers, databases, and other systems, to help...

9.8 CVSS · 7 AI score · 0.99686 EPSS
Exploits 61
Tenable Nessus
added 2021/08/09 12:0 a.m. · 48 views

EulerOS 2.0 SP8 : httpd (EulerOS-SA-2021-2298)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of...

7.5 CVSS · 7 AI score · 0.65067 EPSS
Exploits 0 · References 3
OpenVAS
added 2021/08/09 12:0 a.m. · 41 views

Apache HTTP Server 2.4.17 < 2.4.49 'mod_proxy' HTTP/2 Request Smuggling Vulnerability - Linux

Apache HTTP Server is prone to an HTTP/2 request smuggling vulnerability in the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

7.5 CVSS · 6.5 AI score · 0.46179 EPSS
Exploits 1 · References 3
OpenVAS
added 2021/08/09 12:0 a.m. · 31 views

Apache HTTP Server 2.4.17 < 2.4.49 'mod_proxy' HTTP/2 Request Smuggling Vulnerability - Windows

Apache HTTP Server is prone to an HTTP/2 request smuggling vulnerability in the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

7.5 CVSS · 6.5 AI score · 0.46179 EPSS
Exploits 1 · References 3
BDU FSTEC
added 2021/08/06 12:0 a.m. · 2 views

The vulnerability of the HTTP/2 implementation of the mod_http2 module in the Apache HTTP Server allows an attacker to cause a service failure.

The vulnerability of the HTTP/2 implementation of the mod_http2 module in the Apache HTTP Server is related to pointer dereferencing errors. Exploiting this vulnerability could allow a malicious actor to cause a service failure by sending a specially crafted request...

7.8 CVSS · 7.2 AI score · 0.51208 EPSS
Exploits 0 · References 20 · Affected Software 7
Positive Technologies
added 2021/08/04 12:0 a.m. · 8 views

PT-2021-5758 · Apache +9 · Apache Http Server +9

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.48 and earlier Description: The issue is related to the ap_escape_quotes function, which may write beyond the end of a buffer when given malicious input. Although no included modules pass untrusted data to thes...

10 CVSS · 8.9 AI score · 0.99999 EPSS
Exploits 242 · References 274
RedHat Linux
added 2021/08/03 9:20 a.m. · 114 views

Moderate: Red Hat Security Advisory: rh-php73-php security, bug fix, and enhancement update

An update for rh-php73-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

7.5 CVSS · 6.6 AI score · 0.04969 EPSS
Exploits 4 · References 8
UbuntuCve
added 2021/07/22 10:15 p.m. · 30 views

CVE-2021-32786

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, oidc_validate_redirect_url does not parse URLs the same way as most browsers...

6.1 CVSS · 6.7 AI score · 0.02364 EPSS
Exploits 1 · References 6
CNNVD
added 2021/07/22 12:0 a.m. · 4 views

Apache HTTP Server Format String Error Vulnerability

Apache HTTP Server is an open source web server of the Apache Foundation in the United States. The server is fast, reliable and extensible via a simple API. A format string error vulnerability exists in Apache versions prior to 2.4.9, where an attacker can reliably cause a denial of service ...

7.5 CVSS · 6.8 AI score · 0.02731 EPSS
Exploits 0 · References 10
Debian CVE
added 2021/07/22 12:0 a.m. · 43 views

CVE-2021-32785

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache...

7.5 CVSS · 6.9 AI score · 0.02731 EPSS
Exploits 0
Tenable Nessus
added 2021/07/16 12:0 a.m. · 56 views

openSUSE 15 Security Update : apache2 (openSUSE-SU-2021:2127-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2127-1 advisory. - Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests...

9.8 CVSS · 7.5 AI score · 0.68067 EPSS
Exploits 0 · References 19
Kaspersky
added 2021/07/15 12:0 a.m. · 42 views

KLA12362 Multiple vulnerabilities in Apache HTTP Server

Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities: 1. Denial of service vulnerability in HTTP/2 connections can be exploited via specially crafted requests to cause...

7.5 CVSS · 8.2 AI score · 0.51714 EPSS
Exploits 0 · References 3
IBM Security Bulletins
added 2021/07/14 10:33 p.m. · 31 views

Security Bulletin: Vulnerability identified in WebSphere Application Server affects Cloud Pak System (CVE-2021-30641)

Summary Vulnerability in Apache HTTP server identified in WebSphere Application Server shipped with IBM Cloud Pak System. Information about vulnerability has been published in security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

1 AI score · 0.52331 EPSS
Exploits 0 · Affected Software 1
Tenable Nessus
added 2021/07/13 12:0 a.m. · 80 views

Amazon Linux AMI : httpd24 (ALAS-2021-1514)

The version of httpd24 installed on the remote host is prior to 2.4.48-1.92. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1514 advisory. A flaw was found in Apache httpd. The mod_proxy_wstunnel module tunnels non-upgraded connections. CVE-2019-17567 A flaw w...

9.8 CVSS · 7.3 AI score · 0.68067 EPSS
Exploits 0 · References 15
Tenable Nessus
added 2021/07/09 12:0 a.m. · 66 views

Debian DLA-2706-1 : apache2 - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2706 advisory. Several vulnerabilities have been found in the Apache HTTP server, which could result in denial of service. In addition the implementation of the MergeSlashes opti...

9.8 CVSS · 6.8 AI score · 0.68067 EPSS
Exploits 0 · References 17
OpenVAS
added 2021/07/09 12:0 a.m. · 48 views

Apache HTTP Server Detection (HTTP Error Page)

HTTP error-page based detection of the Apache HTTP Server. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

5.8 AI score
Exploits 0
Debian
added 2021/07/08 5:14 p.m. · 165 views

[SECURITY] [DSA 4937-1] apache2 security update

Debian Security Advisory DSA-4937-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 08, 2021 https://www.debian.org/security/faq -...

9.8 CVSS · 9.3 AI score · 0.68067 EPSS
Exploits 0