5876 matches found
CVE-2024-38474 Apache HTTP Server weakness with encoded question marks in backreferences
Substitution encoding issue in modrewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Users are recommended to...
CVE-2024-38474
Substitution encoding issue in modrewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Users are recommended to...
CVE-2024-38474
Substitution encoding issue in modrewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Users are recommended to...
CVE-2024-38473
The CVE-2024-38473 issue affects Apache HTTP Server (mod_proxy) in versions up to 2.4.59, where improper/encoded request URL handling can allow requests to reach backends and potentially bypass authentication. Public references and advisories state the vulnerability arises from encoding problems ...
CVE-2024-38473 Apache HTTP Server proxy encoding problem
Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
CVE-2024-38473
Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
CVE-2024-38473
Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
CVE-2024-38472
SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new...
CVE-2024-38472
CVE-2024-38472 : Apache HTTP Server on Windows is vulnerable to server-side request forgery (SSRF) that could leak NTLM hashes to a malicious server via crafted requests, due to improper validation of Windows UNC/UNC paths. The issue is addressed by upgrading to Apache HTTP Server 2.4.60 (as note...
CVE-2024-38472
SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new...
CVE-2024-38472 Apache HTTP Server on WIndows UNC SSRF
SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new...
CVE-2024-36387 Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2
Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance...
httpd: HTTP response splitting
A flaw was found in httpd. The response headers are not sanitized before an HTTP response is sent when a malicious backend can insert a Content-Type, Content-Encoding, or some other headers, resulting in an HTTP response splitting...
httpd:2.4/httpd security update
httpd 2.4.37-65.0.1 - Replace index.html with Oracle's index page oracleindex.html 2.4.37-65 - Resolves: RHEL-31857 - httpd:2.4/httpd: HTTP response splitting CVE-2023-38709 modhttp2 modmd...
Apache HTTP Server 安全漏洞
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A security vulnerability exists in Apache HTTP Server that can be exploited by an attacker to map URLs to file system locations th...
Apache HTTP Server 输入验证错误漏洞
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An input validation error vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to cause insecure...
KLA70199 Multiple vulnerabilities in Apache HTTP Server
Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. Security vulnerability in SSRF can be exploited to bypass...
RHEL 8 : httpd:2.4/httpd (RHSA-2024:4197)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4197 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd:2.4: httpd: HTTP response...
Apache 2.4.x < 2.4.60 Multiple Vulnerabilities
The version of Apache httpd installed on the remote host is prior to 2.4.60. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.60 advisory. - Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash o...
Apache HTTP Server 安全漏洞
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An information disclosure vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to obtain sensitive...