
1187 matches found

Tenable Nessus
added 2025/03/04 12:0 a.m. · 13 views

Linux Distros Unpatched Vulnerability : CVE-2013-5704

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass RequestHeader unset directives by placing a header in the trailer porti...

5 CVSS · 6.3 AI score · 0.60205 EPSS
Exploits 2 · References 2

SUSE CVE
added 2025/02/14 4:48 a.m. · 1 views

SUSE CVE-2024-39884

A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PH...

5.3 CVSS · 6.5 AI score · 0.00889 EPSS
Exploits 0 · References 8

SUSE CVE
added 2025/02/14 4:48 a.m. · 6 views

SUSE CVE-2024-40725

A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local...

7.5 CVSS · 6.4 AI score · 0.04134 EPSS
Exploits 3 · References 8

VulnCheck KEV
added 2025/02/07 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2011-2688

SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field...

7.5 CVSS · 6.2 AI score · 0.05659 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/01/16 12:0 a.m. · 5 views

PT-2025-1357 · Undefined · Undefined

"Source": "CVE FEED", "Title": "CVE-2021-35685 - Apache Server File Inclusion Vulnerability", "Content": "CVE ID : CVE-2021-35685 Published : Jan. 16, 2025, 12:15 a.m. | 37 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because...

7.5 CVSS · 7.4 AI score · 0.92331 EPSS
Exploits 6 · References 2

Positive Technologies
added 2025/01/01 12:0 a.m. · 1 views

PT-2025-49181

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions prior to 2.4.66 Description: The Apache HTTP Server, when configured with Server Side Includes (SSI) enabled and utilizing mod_cgid but not mod_cgi, improperly handles shell-escaped query strings passed to exec cmd=".....

8.7 CVSS · 6.8 AI score · 0.015 EPSS
Exploits 0 · References 127

CheckPoint Security
added 2024/12/05 12:0 a.m. · 20 views

Check Point response to Apache HTTP CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476, CVE-2024-38477, CVE-2024-39573, CVE-2024-39884

Symptoms - These issues were reported in the Apache HTTP Server version 2.4.60 and lower: 1. CVE-2024-38473 - Apache HTTP Server: proxy encoding problem 2. CVE-2024-38474 - Apache HTTP Server: weakness with encoded question marks in backreferences 3. CVE-2024-38475 - Apache HTTP Server: weakness...

9.8 CVSS · 6.6 AI score · 0.99957 EPSS
Exploits 2

Positive Technologies
added 2024/11/15 12:0 a.m. · 5 views

PT-2024-38642 · Undefined · Undefined

"Source": "CVE FEED", "Title": "CVE-2024-7865 - Apache HTTP Server Directory Traversal Vulnerability", "Content": "CVE ID : CVE-2024-7865 Published : Nov. 15, 2024, 4:15 p.m. | 44 minutes ago Description : Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-2414. Reason...

5.4 CVSS · 9.6 AI score · 0.00484 EPSS
Exploits 1 · References 2

RedHat Linux
added 2024/11/12 9:33 a.m. · 5 views

httpd: HTTP Response Splitting in multiple modules

A flaw was found in httpd. An HTTP response splitting in multiple httpd modules may allow an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack...

6.3 CVSS · 5.7 AI score · 0.02874 EPSS
Exploits 0 · References 5

SUSE Linux
added 2024/11/09 4:37 p.m. · 1 views

Security update for apache2

This update for apache2 fixes the following issues: CVE-2023-45802: HTTP/2 stream memory not reclaimed right away on RST (bsc#1216423). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run th...

7.5 CVSS · 7.1 AI score · 0.03024 EPSS
Exploits 1 · References 4

Positive Technologies
added 2024/10/11 12:0 a.m. · 3 views

PT-2024-39901 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: A cross-site scripting issue has been identified. No further details are available due to the rejection of the candidate number. Recommendations: At the moment, there is no...

6.3 AI score
Exploits 0 · References 2

Packet Storm
added 2024/10/02 12:0 a.m. · 273 views

Microsoft Office NTLMv2 Disclosure

Exploit Title: Microsoft Office NTLMv2 Disclosure Vulnerability Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.office.com/ Software Link: https://www.office.com/ Details: https://github.com/passtheticket/CVE-2024-38200 Version: Microsoft Office 2019 MSO Build 1808...

9.1 CVSS · 7.2 AI score · 0.19686 EPSS
Exploits 2

RedHat Linux
added 2024/09/24 11:48 a.m. · 6 views

httpd: SSRF in Apache HTTP Server on Windows via mod_rewrite in server/vhost context

A flaw was found in HTTPd on Windows systems. This issue potentially allows NTLM hashes to be leaked via mod_rewrite in server/vhost context to a malicious server via Server-side request forgery (SSRF) and malicious requests or content...

9.1 CVSS · 7.1 AI score · 0.01536 EPSS
Exploits 5 · References 5

BDU FSTEC
added 2024/09/13 12:0 a.m. · 2 views

The vulnerability of the modules/proxy/mod_proxy.c component of the Apache HTTP Server, related to a lack of mechanisms for encoding or shielding output data, allows attackers to gain access to confidential data and also trigger a denial-of-service attack.

The vulnerability of the modules/proxy/mod_proxy.c component of the Apache HTTP Server is related to a lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability can allow an attacker to gain access to confidential data, as well as cause service failures...

8.5 CVSS · 6.5 AI score · 0.6795 EPSS
Exploits 2 · References 20 · Affected Software 7

CNNVD
added 2024/09/02 12:0 a.m. · 3 views

D-Link DAP-2310 Security Vulnerability

The D-Link DAP-2310 is a single-band wireless network access point from China AUO D-Link for small businesses or schools that need a fast and reliable wireless network. A security vulnerability exists in the D-Link DAP-2310 version 1.16RC028, which originates from a vulnerability that allows remo...

9.8 CVSS · 8.3 AI score · 0.0095 EPSS
Exploits 0 · References 2

Packet Storm
added 2024/09/01 12:0 a.m. · 151 views

WANGKONGBAO CNS-1000 And 1100 UTM Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WANGKONGBAO CNS-1000 and 1100 UTM Directory Traversal', 'Description' = %q This module exploits the WANGKONGBAO CNS-1000 and 1100 UTM appliances...

5 CVSS · 7.1 AI score · 0.52267 EPSS
Exploits 3

RedHat Linux
added 2024/08/26 7:39 a.m. · 1 views

httpd: Security issues via backend applications whose response headers are malicious or exploitable

A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution...

9.8 CVSS · 7.1 AI score · 0.41611 EPSS
Exploits 0 · References 5

RedHat Linux
added 2024/08/13 1:18 p.m. · 3 views

httpd: Encoding problem in mod_proxy

A flaw was found in the mod_proxy module of httpd. Due to an encoding problem, specially crafted request URLs with incorrect encoding can be sent to backend services, potentially bypassing authentication...

8.1 CVSS · 7.1 AI score · 0.25878 EPSS
Exploits 1 · References 5

RedHat Linux
added 2024/08/13 1:6 p.m. · 2 views

httpd: Improper escaping of output in mod_rewrite

A flaw was found in the mod_rewrite module of httpd. Improper escaping of output allows an attacker to map URLs to filesystem locations permitted to be served by the server but are not intentionally or directly reachable by any URL. This issue results in code execution or source code disclosure...

9.1 CVSS · 7.4 AI score · 0.99957 EPSS
Exploits 1 · References 6

RedHat Linux
added 2024/08/13 1:6 p.m. · 4 views

httpd: NULL pointer dereference in mod_proxy

A flaw was found in the mod_proxy module of httpd. A NULL pointer dereference can be triggered when processing a specially crafted HTTP request, causing the httpd server to crash, and resulting in a denial of service...

7.5 CVSS · 7 AI score · 0.03153 EPSS
Exploits 0 · References 5