mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client. More at:...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-2240)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP5 : httpd (EulerOS-SA-2023-2148)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-2191)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP8 : httpd (EulerOS-SA-2023-2191)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affect...

EulerOS Virtualization 2.11.1 : httpd (EulerOS-SA-2023-2071)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-2071)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-2123)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 security update

An update is now available for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 on Red Hat Enterprise Linux versions 7 and 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which...

httpd: HTTP request splitting with mod_rewrite and mod_proxy

A vulnerability was found in httpd. This security issue occurs when some modproxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern...

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 security update

Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

RHEL 7 / 8 : Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 (RHSA-2023:3354)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3354 advisory. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP...

Exploit for Path Traversal in Apache Http_Server

Apache-CVEs Exploit created in python3 to exploit known vulner...

EulerOS Virtualization 2.9.0 : httpd (EulerOS-SA-2023-2019)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location...

EulerOS Virtualization 2.9.1 : httpd (EulerOS-SA-2023-1998)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location...

Moderate: Red Hat Security Advisory: apr-util security update

An update for apr-util is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security...

Security Bulletin: Apache HTTP Server as used by IBM QRadar SIEM is vulnerable to HTTP request splitting attacks (CVE-2023-25690)

Summary Apache HTTP Server as used by IBM QRadar SIEM is vulnerable to HTTP request splitting attacks. IBM has addressed the relevant vulnerability Vulnerability Details CVEID:CVE-2023-25690 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request splitting attacks, caused by an error when...

CVE-2019-19791

In LemonLDAP::NG aka lemonldap-ng before 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to SOAP/REST endpoints when some LemonLDAP::NG setup options are used. For example, an attacker can insert index.fcgi/index.fcgi into a URL to bypass a Require directive...

CVE-2019-19791

In LemonLDAP::NG aka lemonldap-ng before 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to SOAP/REST endpoints when some LemonLDAP::NG setup options are used. For example, an attacker can insert index.fcgi/index.fcgi into a URL to bypass a Require directive...

CVE-2019-19791

In LemonLDAP::NG aka lemonldap-ng before 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to SOAP/REST endpoints when some LemonLDAP::NG setup options are used. For example, an attacker can insert index.fcgi/index.fcgi into a URL to bypass a Require directive...