Apache Httpd < 2.4.48 : NULL pointer dereference on specially crafted HTTP/2 request

Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating...

RHEL 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP7 (RHSA-2021:1199)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1199 advisory. This release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages that are part of the JBoss Core Services offering. This release...

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 3.1 Service Pack 12 security update

An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 7. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP7 security update

Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 zip release for RHEL 7, RHEL 8 and Microsoft Windows is available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP7 security update

Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

PT-2021-3578 · Apache +9 · Apache Http Server +9

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.39 through 2.4.46 Description: The issue exists due to insufficient input validation in the Apache HTTP Server. Exploitation of this issue may allow a remote attacker to impact the integrity of protected...

CVE-2021-29641

Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain...

Design/Logic Flaw

Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain...

CVE-2021-29641

Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain...

CVE-2021-29641

CVE-2021-29641 affects Directus 8 up to 8.8.2. The vulnerability arises from file-upload permissions that allow uploading a PHP file to the main upload directory and, in a subdirectory, a PHP file plus an .htaccess, enabling remote authenticated code execution. Exploitation is limited to specific...

QNAP QTS < 4.3.6.1620 Build 20210322 Multiple Vulnerabilities

This VT has been deprecated and replaced by the VT SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

vulhub

This is a collection of vulnerable Docker environments, known as Vulhub. It's an open-source project that provides pre-built vulnerable environments for testing and learning purposes. The project is maintained by phith0n and is available on GitHub. The repository contains a variety of vulnerable...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2021-1602)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2021-1663)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.9.0 : httpd (EulerOS-SA-2021-1663)

According to the version of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would resul...

EulerOS Virtualization 2.9.1 : httpd (EulerOS-SA-2021-1602)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge...

NewStart CGSL CORE 5.04 / MAIN 5.04 : httpd Multiple Vulnerabilities (NS-SA-2021-0036)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has httpd packages installed that are affected by multiple vulnerabilities: - In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with modrewrite that were intended to be self-referential might be fooled by encoded...

PT-2021-3577

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.0 through 2.4.46 Description: The issue is related to a heap overflow that can be caused by a specially crafted SessionHeader sent by an origin server. This could potentially allow a remote attacker to impact t...

Apache HTTP Server Detection Consolidation

Consolidation of Apache HTTP Server detections. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Exploit for Use After Free in Apache Http_Server

CVE-2019-0211 介绍 CVE-2019-0211 软件架构 软件架构说明 安装教程 1. xxxx 2. xxxx 3. xxxx 使用说明 1. xxxx 2. xxxx 3. xxxx 参与贡献 1. Fork 本仓库 2. 新建 Featxxx 分支 3. 提交代码 4. 新建 Pull Request 特技 1. 使用 Readme\XXX.md 来支持不同的语言，例如 Readme\en.md, Readme\zh.md 2. Gitee 官方博客 blog.gitee.com 3. 你可以 https://gitee.com/explore 这个地址来了解 Git...