Astra Linux - уязвимость в apache2

A encoding problem in the modproxy component of the Apache HTTP Server 2.4.59 and earlier versions allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication through crafted requests. It is recommended that users upgrade to version 2.4.60, as...

Astra Linux - уязвимость в apache2

A properly crafted URI sent to httpd, configured as a forward proxy with ProxyRequests enabled, can cause a crash NULL pointer dereference. In configurations that mix forward and reverse proxy declarations, it can also allow requests to be directed to a declared Unix Domain Socket endpoint...

CVE-2026-28780

Heap-based Buffer Overflow vulnerability in modproxyajp of Apache HTTP Server. If modproxyajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to modproxyajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue...

CVE-2026-3234

A flaw was found in modproxycluster. This vulnerability, a Carriage Return Line Feed CRLF injection in the decodeenc function, allows a remote attacker to bypass input validation. By injecting CRLF sequences into the cluster configuration, an attacker can corrupt the response body of INFO endpoin...

MiracleLinux 3 : httpd-2.2.3-11.4.1AXS3 (AXBA:2008-331:03)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXBA:2008-331:03 advisory. - Cross-site scripting XSS vulnerability in proxyftp.c in the modproxyftp module in Apache 2.0.63 and earlier, and modproxyftp.c in the modproxyftp...

CVE-2025-66029 Open OnDemand affected by Apache proxy passing sensitive headers

Open OnDemand provides remote web access to supercomputers. In versions 4.0.8 and prior, the Apache proxy allows sensitive headers to be passed to origin servers. This means malicious users can create an origin server on a compute node that record these headers when unsuspecting users connect to...

CVE-2025-66029 Open OnDemand affected by Apache proxy passing sensitive headers

Open OnDemand provides remote web access to supercomputers. In versions 4.0.8 and prior, the Apache proxy allows sensitive headers to be passed to origin servers. This means malicious users can create an origin server on a compute node that record these headers when unsuspecting users connect to...

CVE-2025-66029

Open OnDemand (prior to 4.1) is affected: the Apache proxy in 4.0.8 and earlier may pass sensitive headers to origin servers, enabling an attacker to set up an origin server on a compute node that records headers when users connect. A fix is expected in the 4.1 release; for 4.0.x workarounds exis...

CVE-2025-66029 Open OnDemand affected by Apache proxy passing sensitive headers

Open OnDemand provides remote web access to supercomputers. In versions 4.0.8 and prior, the Apache proxy allows sensitive headers to be passed to origin servers. This means malicious users can create an origin server on a compute node that record these headers when unsuspecting users connect to...

EUVD-2025-204011

Open OnDemand provides remote web access to supercomputers. In versions 4.0.8 and prior, the Apache proxy allows sensitive headers to be passed to origin servers. This means malicious users can create an origin server on a compute node that record these headers when unsuspecting users connect to...

Open OnDemand 安全漏洞

Open OnDemand is an open source implementation of Open Interactive HPC over the Web from Ohio Supercomputer Center. A security vulnerability exists in Open OnDemand 4.0.8 and earlier versions, which originates when the Apache proxy passes sensitive headers to the origin server, potentially leadin...

PT-2025-51973

Name of the Vulnerable Software and Affected Versions Open OnDemand versions prior to 4.1 Description Open OnDemand provides remote web access to supercomputers. The Apache proxy in versions 4.0.8 and earlier allows sensitive headers to be passed to origin servers. This could allow malicious user...

PT-2025-34069 · Undefined · Undefined

🔥 Critical & High-Severity CVEs 1. CVE-2025-27461 — Ivanti Connect Secure / Policy Secure Auth Bypass → RCE Severity: Critical 9.8 Vector: Exploitable over the internet; bypasses auth → remote code execution. Why it matters: Actively exploited by ransomware crews; initial access vector. Defender...

Linux Distros Unpatched Vulnerability : CVE-2023-25690

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modprox...

CVE-2024-7923

An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's modproxy not properly unsetting headers because of restrictions on underscores in HTTP headers,...

SUSE CVE-2024-38473

Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

PT-2023-32745 · Apache +2 · Apache Server +2

Name of the Vulnerable Software and Affected Versions: Apache server affected versions not specified Description: A flaw was found in the mod proxy cluster in the Apache server, which may allow a malicious user to add a script in the alias parameter in the URL to trigger a stored cross-site...

SUSE CVE-2019-3878

A vulnerability was found in modauthmellon before v0.14.2. If Apache is configured as a reverse proxy and modauthmellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP...

UBUNTU-CVE-2022-46302

Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29's Checkmk = 2.1.0p6, Checkmk = 2.0.0p27, and all versions of Checkmk 1.6.0 EOL allowing an attacker to perform remote code execution wi...

AZL-45186 CVE-2023-25690 affecting package mod_http2 for versions less than 2.0.29-3

Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...