16 matches found
EUVD-2024-48827
Malicious code in bioql PyPI...
EUVD-2024-48867
Malicious code in bioql PyPI...
ROS-20250812-08
Apache HTTP Server vulnerability is related to insufficient validation of incoming requests. Exploitation of the vulnerability could allow an attacker acting remotely to launch an SSRF attack Vulnerability in the modules/proxy/modproxy.c component of the Apache HTTP Server web server is related t...
CVE-2024-7012
An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's modproxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing...
CVE-2024-7012
An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's modproxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing...
CVE-2024-7923 Puppet-pulpcore: an authentication bypass vulnerability exists in pulpcore
An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's modproxy not properly unsetting headers because of restrictions on underscores in HTTP headers,...
SUSE CVE-2007-3847
The date handling code in modules/proxy/proxyutil.c modproxy in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service caching forward proxy process crash via crafted date headers that trigger a buffer over-read...
Internet Bug Bounty: Request line injection via HTTP/2 in Apache mod_proxy
I've written this issue up fully here: https://portswigger.net/research/http2request In case it's useful, here's the original report as sent to Apache: I'd like to report a vulnerability in Apache modproxy when used with HTTP/2 enabled. It fails to reject HTTP requests that contain spaces in the...
Apache mod_proxy - Reverse Proxy Exposure
Apache modproxy - Reverse Proxy Exposure !/usr/bin/env python import socket import string import getopt, sys knownports = 0,21,22,23,25,53,69,80,110,137,139,443,445,3306,3389,5432,5900,8080 def sendrequesturl, apachetarget, apacheport, internaltarget, internalport, resource: get = "GET " + url +...
Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
Exploit for multiple platform in category remote exploits !/usr/bin/env python import socket import string import getopt, sys knownports = 0,21,22,23,25,53,69,80,110,137,139,443,445,3306,3389,5432,5900,8080 def sendrequesturl, apachetarget, apacheport, internaltarget, internalport, resource: get ...
DSA-1834-1 apache2 apache2-mpm-itk - denial of service
Bulletin has no description...
ELOG 2.5.6 - Remote Shell
/ Worked on latest version for me http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz elog-latest.tar.gz 26-Jan-2005 21:36 519K Default port 8080. str0ke / / Hi there, someone has brought to u a gift. ELOG Remote Shell Exploit = 2.5.6 Also for future Versions Updated On 18/April/2004 LOCK YO...
Apache mod_proxy Content-Length Overflow
The remote web server appears to be running a version of Apache that is older than version 1.3.32. This version is reportedly vulnerable to a heap-based buffer overflow in proxyutil.c for modproxy. This issue may lead remote attackers to cause a denial of service and possibly execute arbitrary co...
CVE-2004-0492
Heap-based buffer overflow in proxyutil.c for modproxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service process crash and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied...
Apache mod_proxy buffer overflow
No description provided...
DSA-525 apache - buffer overflow
Bulletin has no description...