1187 matches found
UBUNTU-CVE-2021-44224
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery)...
The vulnerability of the mod_proxy_uwsgi function in the Apache HTTP Server allows a hacker to cause a service failure.
The vulnerability of the mod_proxy_uwsgi function in the Apache HTTP Server is related to the reading of data beyond the specified buffer. Exploiting this vulnerability can allow a malicious actor to cause a service failure for an application through a uri-path request...
httpd: mod_session: Heap overflow via a crafted SessionHeader value
A heap overflow flaw was found in Apache httpd mod_session. The highest threat from this vulnerability is to system availability...
WordPress Backup And Restore 1.0.3 Arbitrary File Deletion
Exploit Title: WordPress Plugin Backup and Restore 1.0.3 - Arbitrary File Deletion Date: 11/07/2021 Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: https://www.miniorange.com/ Software Link: https://wordpress.org/plugins/backup-and-restore-for-wp/ Version: 1.0.3 Tested on : Window...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-41773 Poc CVE-2021-41773 - Apache 2.4.49...
Server-Side Request Forgery (SSRF) in pimcore/pimcore
Description Your demo server is running in a vulnerable Apache server Apache/2.4.38. The attacker can easily exploit SSRF vulnerability just by visiting a crafted URL. The vulnerability has been discovered a few days ago and it relies on mod_proxy module. I know that this vulnerability is not direct...
OESA-2021-1387 httpd security update
Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: ap_escape_quotes may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apach...
TextPattern CMS 4.8.7 - Remote Command Execution (RCE) (Authenticated)
Exploit Title: TextPattern CMS 4.8.7 - Remote Command Execution (RCE) (Authenticated) Date: 2021/09/06 Exploit Author: Mert Daş Software Link: https://textpattern.com/filedownload/113/textpattern-4.8.7.zip Software web: https://textpattern.com/ Tested on: Server: Xampp First of...
Apache HTTP Server vulnerable to directory traversal
Overview Apache HTTP Server provided by The Apache Software Foundation contains a directory traversal vulnerability CWE-22. Shungo Kumasaka of Internet Initiative Japan Inc. reported this vulnerability to the developer, and also to IPA in order to notify users of its solution through JVN. JPCERT/...
Exploit for Path Traversal in Apache Http_Server
No description...
DEBIAN-CVE-2021-42013
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-41773 Hello guys, yesterday The new CVE-2021-41773 f...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-41773 - CVE-2021-41773: Path Traversal Zero-Day in A...
Apache HTTP Server Security Vulnerability
Apache HTTP Server is an open source web server of the Apache Foundation in the United States. The server is fast, reliable, and extensible through a simple API. A security vulnerability exists in Apache HTTP Server that stems from the discovery of an inadequate fix for CVE-2021-41773 in Apache...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-41773 apache versio...
ALPINE-CVE-2021-41773
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default...
USN-5090-2 apache2 vulnerabilities
USN-5090-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that the Apache HTTP Server incorrectly handled certain malformed requests. A remote attacker could possibly us...
The vulnerability of the authentication and authorization module for the Apache 2.x HTTP server, Mod_auth_openidc, related to uncontrolled resource consumption, allows attackers to cause service interruptions.
The vulnerability of the authentication and authorization module for the Apache 2.x HTTP server, Mod_auth_openidc, is related to uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
ALPINE-CVE-2021-39275
ap_escape_quotes may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier...
AZL-6484 CVE-2021-34798 affecting package httpd for versions less than 2.4.52-1
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier...