CVE-2024-43204 Apache HTTP Server: SSRF with mod_headers setting Content-Type header

SSRF in Apache HTTP Server with modproxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where modheaders is configured to modify the Content-Type request or response header with a value provided in the HTTP request...

CVE-2024-43204

CVE-2024-43204 affects Apache HTTP Server when mod_proxy is loaded. The vulnerability permits SSRF by sending outbound proxy requests to a URL controlled by the attacker, requiring an unlikely configuration in which mod_headers modifies the Content-Type header with a value provided in the HTTP re...

CVE-2024-43204 Apache HTTP Server: SSRF with mod_headers setting Content-Type header

SSRF in Apache HTTP Server with modproxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where modheaders is configured to modify the Content-Type request or response header with a value provided in the HTTP request...

CVE-2024-43204

SSRF in Apache HTTP Server with modproxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where modheaders is configured to modify the Content-Type request or response header with a value provided in the HTTP request...

CVE-2024-43204

SSRF in Apache HTTP Server with modproxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where modheaders is configured to modify the Content-Type request or response header with a value provided in the HTTP request...

CVE-2024-42516 Apache HTTP Server: HTTP response splitting

HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the HTTP response. This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP...

CVE-2024-42516

HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the HTTP response. This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP...

CVE-2024-42516 Apache HTTP Server: HTTP response splitting

HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the HTTP response. This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP...

CVE-2024-42516

CVE-2024-42516 affects Apache HTTP Server (httpd). The issue is HTTP response splitting caused by faulty input validation in the core, allowing manipulation of Content-Type headers to split responses. Reports indicate the vulnerability was discussed as CVE-2023-38709, with patches through 2.4.59 ...

CVE-2024-42516

HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the HTTP response. This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP...

Security Bulletin: Due to use of IBM Tivoli Monitoring , IBM Cloud Pak System is affected by multiple vulnerabilities.

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-39573 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by a flaw in the modrewrite. By sending a specially crafted request, an attacker could exploit...

Apache HTTP Server 访问控制错误漏洞

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An Access Control Error vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to cause an access contr...

PT-2025-29120

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.17 through 2.4.63 Description: A late release of memory after effective lifetime issue exists in Apache HTTP Server. Recommendations: Upgrade to version 2.4.64...

PT-2025-29115

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.0 through 2.4.63 Description: A Server-Side Request Forgery SSRF issue exists in Apache HTTP Server on Windows. This issue potentially allows the leakage of NTLM hashes to a malicious server via mod rewrite or...

KLA85814 Multiple vulnerabilities in Apache HTTP Server

Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, perform cross-site scripting attack, cause denial of service. Below is a complete list of vulnerabilities: 1. Insufficient...

Apache HTTP Server 安全漏洞

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An unspecified vulnerability exists in Apache HTTP Server that stems from insufficient escaping of user-supplied data by modssl,...

Apache httpd -- Multiple vulnerabilities

The Apache httpd project reports: moderate: Apache HTTP Server: HTTP response splitting CVE-2024-42516 low: Apache HTTP Server: SSRF with modheaders setting Content-Type header CVE-2024-43204 moderate: Apache HTTP Server: SSRF on Windows due to UNC paths CVE-2024-43394 low: Apache HTTP Server:...

Apache HTTP Server 安全漏洞

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A denial of service vulnerability exists in Apache HTTP Server, which stems from a modproxyhttp2 assertion failure that can be...

PT-2025-29220 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: A flaw exists that may allow unauthenticated remote code execution when a malicious folder is created via the web interface HTTP when it is enabled. HTTP is disabled by default...

mod_auth_openidc: DoS via Empty POST in mod_auth_openidc with OIDCPreservePost Enabled

A flaw was found in the modauthopenidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...