PT-2024-40410 · Apache +1 · Apache +1

Name of the Vulnerable Software and Affected Versions: eZ Platform and Legacy affected versions not specified Description: The issue is related to how uploaded PHP and PHAR files are handled. It consists of two parts: web server configuration and disabling the PHAR stream wrapper. The sample web...

Fail2ban 0.8.9, Denial of Service (Apache rules only)

Version 0.8.9 latest of Fail2ban allows to perform remote denial of service for arbitrary chosen IP address. Address listed on Fail2ban's whitelist are not affected. The vulnerability exists in Apache rules and it is caused by improper validation of a log file by regular expression. Malicious use...