979 matches found
httpd: mod_proxy_wstunnel tunneling of non Upgraded connection
A flaw was found in Apache httpd. The mod_proxy_wstunnel module tunnels non-upgraded connections...
httpd: mod_session: Heap overflow via a crafted SessionHeader value
A heap overflow flaw was found in Apache httpd mod_session. The highest threat from this vulnerability is to system availability...
httpd: mod_proxy_wstunnel tunneling of non Upgraded connection
A flaw was found in Apache httpd. The mod_proxy_wstunnel module tunnels non-upgraded connections...
httpd: Unexpected URL matching with 'MergeSlashes OFF'
A flaw was found in Apache httpd. A possible regression from an earlier security fix broke behavior of MergeSlashes. The highest threat from this vulnerability is to data integrity...
F5 Networks BIG-IP : Apache HTTPD vulnerability (K72382141)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.7 / 16.1.4 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K72382141 advisory. - Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Serve...
Important: httpd
Issue Overview: A NULL pointer dereference was found in Apache httpd mod_h2. The highest threat from this flaw is to system integrity. CVE-2021-33193 A NULL pointer dereference in httpd allows an unauthenticated remote attacker to crash httpd by providing malformed HTTP requests. The highest threa...
httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:"
A Server-Side Request Forgery (SSRF) flaw was found in mod_proxy of httpd. This flaw allows a remote, unauthenticated attacker to make the httpd server forward requests to an arbitrary server. The attacker could get, modify, or delete resources on other services that may be behind a firewall and...
httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:"
A Server-Side Request Forgery (SSRF) flaw was found in mod_proxy of httpd. This flaw allows a remote, unauthenticated attacker to make the httpd server forward requests to an arbitrary server. The attacker could get, modify, or delete resources on other services that may be behind a firewall and...
FreeBSD : Apache httpd -- Path Traversal and Remote Code Execution (d001c189-2793-11ec-8fb1-206a8a720317)
The Apache http server project reports: critical: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (CVE-2021-42013). It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a...
httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:"
A Server-Side Request Forgery (SSRF) flaw was found in mod_proxy of httpd. This flaw allows a remote, unauthenticated attacker to make the httpd server forward requests to an arbitrary server. The attacker could get, modify, or delete resources on other services that may be behind a firewall and...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-41773 Playground === This is a small Docker recipe for...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-41773 Playground === This is a small Docker recipe for...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-41773 Playground === This is a small Docker recipe for...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-41773 Playground === This is a small Docker recipe for...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-41773 Playground === This is a small Docker recipe for...
Apache HTTPd 2.4.49/2.4.50 Path Traversal Vulnerability
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default...
FreeBSD : Apache httpd -- Multiple vulnerabilities (25b78bdd-25b8-11ec-a341-d4c9ef517024)
The Apache http server project reports: - moderate: NULL pointer dereference in h2 fuzzing (CVE-2021-41524) - important: Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 (CVE-2021-41773)...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-41773 Apache httpd only 2.4.49 For educational pur...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-41773 Path traversal in Apache HTTP Server 2.4.49 CV...
Apache Httpd < 2.4.50 : null pointer dereference in h2 fuzzing
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project...