1187 matches found
UBUNTU-CVE-2020-13950
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service...
UBUNTU-CVE-2021-26691
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow...
SUSE: Security Advisory (SUSE-SU-2017:2907-1)
The remote host is missing an update for the...
Vulnerabilities fixed in Apache
Apache has released version 2.4.48 of the Apache Web server. In this version a number of vulnerabilities have been fixed, which could be exploited by an unauthenticated remote malicious person to cause a denial-of-service. A vulnerability has also been fixed, which can be exploit...
PT-2021-5464 · Apache +8 · Apache Http Server +8
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.41 through 2.4.46. Description: The issue is related to the mod_proxy_http function in the Apache HTTP Server, which can be made to crash due to a NULL pointer dereference when handling specially crafted request...
httpd: mod_session_cookie does not respect expiry time
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded...
mod_auth_openidc resource management error vulnerability
ZmartZone IAM mod_auth_openidc is an authentication/authorization module for the Apache HTTP server. A resource management error vulnerability exists in mod_auth_openidc, which arises from an application that does not properly control the consumption of internal resources. A remote attacker could use...
CVE-2021-29641
Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain...
The vulnerability of the mod_http2 module in the Apache HTTP Server, related to the assignment of the null pointer, allows a hacker to trigger a denial-of-service attack.
The vulnerability of the mod_http2 module in the Apache HTTP Server is related to incorrect handling of HTTP/2 requests. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the mod_md task processor in the Apache HTTP Server web server allows an attacker to cause a service failure.
The vulnerability of the mod_md task processor in the Apache HTTP Server is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause service failures...
HTTP Bridge - Send TCP Stream Packets Over Simple HTTP Request
I wrote this program as a proof of concept to test the idea of being able to send TCP stream packets over simple HTTP requests like PUT, PATCH, POST, GET, without using a proxy method like CONNECT. Also as a practice exercise to train my novice skills in the Rust language. Description: This tool is...
The vulnerability of the HTTP/2 mechanism implemented in the Apache HTTP Server allows attackers to cause service failures or lead to incorrect server configurations.
The vulnerability of the HTTP/2 web server implementation in the Apache HTTP Server is related to inconsistent interpretation of HTTP requests. Exploiting this vulnerability can allow a malicious actor to cause service failures or lead to incorrect server configuration...
The vulnerability of the mod_remoteip and mod_rewrite modules in the Apache HTTP Server allows a hacker to replace an IP address.
The vulnerability of the mod_remoteip and mod_rewrite modules in the Apache HTTP Server is related to insufficient verification of data authenticity. Exploiting this vulnerability allows a remote attacker to perform IP address substitution attacks...
Exploit for Integer Overflow or Wraparound in F5 Nginx
PoC exploit for CVE-2017-7529, a vulnerability in the Apache HTTP Server. The target is the Apache HTTP Server, with the vulnerability class being a buffer overflow. The probable entry point is the CVE-2017-7529PoC.py script, which uses the requests library to send a GET request to the target...
The vulnerability of the apr_uri_parse() function in the mod_auth_mellon authentication module of the Apache HTTP Server allows a hacker to redirect users to a malicious website.
The vulnerability of the apr_uri_parse() function in the mod_auth_mellon authentication module of the Apache HTTP Server relates to the redirection of URLs to unreliable websites. Exploiting this vulnerability could allow a malicious actor to redirect users to malicious websites using the login?ReturnT...
PT-2020-6242 · Apache +9 · Apache Http Server +9
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.0 through 2.4.46. Description: The issue is caused by a stack overflow in the mod_auth_digest function of the Apache HTTP Server. This can be triggered by a specially crafted Digest nonce. Although there are no...
httpd: memory corruption on early pushes
A vulnerability was found in Apache httpd, in mod_http2. Under certain circumstances, HTTP/2 early pushes could lead to memory corruption, causing a server to crash...
httpd: read-after-free in h2 connection shutdown
A read-after-free vulnerability was discovered in Apache httpd, in mod_http2. A specially crafted HTTP/2 client session could cause the server to read memory that was previously freed during connection shutdown, potentially leading to a crash...
httpd: mod_http2: DoS via slow, unneeded request bodies
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections...
httpd: mod_proxy_uwsgi buffer overflow
A flaw was found in Apache httpd in versions 2.4.32 to 2.4.46. The uwsgi protocol does not serialize more than 16K of HTTP header leading to resource exhaustion and denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabilit...