979 matches found
SUSE CVE-2017-15710
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, modauthnzldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset...
SUSE CVE-2018-1283
In Apache httpd 2.4.0 to 2.4.29, when modsession is configured to forward its session data to CGI applications SessionEnv on, not the default, a remote user may influence their content by using a "Session" header. This comes from the "HTTPSESSION" variable name used by modsession to forward its...
CLSA-2023-1675111708 httpd: Fix of CVE-2022-36760
CVE-2022-36760: modproxyajp: fix possible HTTP request smuggling...
[slackware-security] php
New php packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/php-7.4.33-i586-2slack15.0.txz: Rebuilt. This update fixes a security issue: PDO::quote may return unquoted string. For more information...
K34125394: Apache HTTPD vulnerability CVE-2017-3167
Security Advisory Description In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the apgetbasicauthpw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. CVE-2017-3167 Impact When this vulnerability is exploited, an...
httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
A flaw was found in httpd, where it incorrectly limits the value of the LimitXMLRequestBody option. This issue can lead to an integer overflow and later causes an out-of-bounds write...
Apache httpd mod_proxy NULL Pointer Dereference (CVE-2021-44224)
A NULL pointer dereference vulnerability exists in the modproxy module of Apache httpd. The vulnerability is due to improper handling of malformed Request-URIs sent to servers configured as a forward proxy. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted...
httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
A flaw was found in httpd, where it incorrectly limits the value of the LimitXMLRequestBody option. This issue can lead to an integer overflow and later causes an out-of-bounds write...
httpd: mod_proxy_ajp: Possible request smuggling
An HTTP request smuggling vulnerability was found in the modproxyajp module of httpd. This flaw allows an attacker to smuggle requests to the AJP server, where it forwards requests...
httpd: possible NULL dereference or SSRF in forward proxy configurations
There's a null pointer dereference and server-side request forgery flaw in httpd's modproxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the adjacent network to the forward proxy that could cause a crash, or potentially SSRF via misdirected Unix...
httpd: Request splitting via HTTP/2 method injection and mod_proxy
A NULL pointer dereference was found in Apache httpd modh2. The highest threat from this flaw is to system integrity...
httpd: Out-of-bounds read in ap_strcmp_match()
An out-of-bounds read vulnerability was found in httpd. A very large input to the apstrcmpmatch function can lead to an integer overflow and result in an out-of-bounds read...
GLSA-202208-20 : Apache HTTPD: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202208-20 Apache HTTPD: Multiple Vulnerabilities - A crafted method sent through HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP...
Internet Bug Bounty: Pause-based desync in Apache HTTPD
Apache was vulnerable to a pause-based desync. This vulnerability is described in detail in my whitepaper here: https://portswigger.net/research/browser-powered-desync-attackspause Impact This enables server-side HTTP Request Smuggling when Apache is deployed as a back-end server, and it also...
Apache HTTPD Server ap_escape_html2 Integer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apache HTTPD Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apescapehtml2 function. The issue results from the lack of proper validation of...
httpd: mod_proxy NULL pointer dereference
A flaw was found In Apache httpd. The modproxy has a NULL pointer dereference. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
subversion: Subversion's mod_dav_svn is vulnerable to memory corruption
A use-after-free vulnerability was found in Subversion in the moddavsvn Apache HTTP server HTTPd module. While looking up path-based authorization authz rules, multiple calls to the postconfig hook can invalidate cached pointers to object-pools, which Subversion subsequently uses. This issue...
Apache 2.4.x < 2.4.52 mod_lua Buffer Overflow
The version of Apache httpd installed on the remote host is prior to 2.4.52. It is, therefore, affected by a flaw related to modlua when handling multipart content. A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The...
subversion: Subversion's mod_dav_svn is vulnerable to memory corruption
A use-after-free vulnerability was found in Subversion in the moddavsvn Apache HTTP server HTTPd module. While looking up path-based authorization authz rules, multiple calls to the postconfig hook can invalidate cached pointers to object-pools, which Subversion subsequently uses. This issue...
subversion: Subversion's mod_dav_svn is vulnerable to memory corruption
A use-after-free vulnerability was found in Subversion in the moddavsvn Apache HTTP server HTTPd module. While looking up path-based authorization authz rules, multiple calls to the postconfig hook can invalidate cached pointers to object-pools, which Subversion subsequently uses. This issue...