1187 matches found
httpd: Encoding problem in mod_proxy
A flaw was found in the mod_proxy module of httpd. Due to an encoding problem, specially crafted request URLs with incorrect encoding can be sent to backend services, potentially bypassing authentication...
SUSE CVE-1999-0071
Apache httpd cookie buffer overflow for versions 1.1.1 and earlier...
httpd: NULL pointer dereference in mod_proxy
A flaw was found in the mod_proxy module of httpd. A NULL pointer dereference can be triggered when processing a specially crafted HTTP request, causing the httpd server to crash, and resulting in a denial of service...
httpd: Improper escaping of output in mod_rewrite
A flaw was found in the mod_rewrite module of httpd. Improper escaping of output allows an attacker to map URLs to filesystem locations permitted to be served by the server but are not intentionally or directly reachable by any URL. This issue results in code execution or source code disclosure...
httpd: Improper escaping of output in mod_rewrite
A flaw was found in the mod_rewrite module of httpd. Improper escaping of output allows an attacker to map URLs to filesystem locations permitted to be served by the server but are not intentionally or directly reachable by any URL. This issue results in code execution or source code disclosure...
httpd: Substitution encoding issue in mod_rewrite
A flaw was found in the mod_rewrite module of httpd. Due to a substitution encoding issue, specially crafted requests may allow an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be execut...
The vulnerability of the mod_rewrite module in the Apache HTTP Server allows a hacker to perform an SSRF attack.
The vulnerability of the mod_rewrite module in the Apache HTTP Server is related to insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...
Important: httpd
Issue Overview: Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
MGASA-2024-0272 Updated apache packages fix security vulnerabilities
CVE-2024-40898: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows cve.mitre.org SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests. CVE-2024-40725:...
The vulnerability of the mod_rewrite module in the Apache HTTP Server allows a hacker to gain unauthorized access to a device by manipulating requests sent from the server’s name.
The vulnerability of the mod_rewrite module in the Apache HTTP Server is related to insufficient validation of incoming requests. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the device by manipulating requests sent from the server’s name...
ALPINE-CVE-2024-40898
SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue...
ALPINE-CVE-2024-40725
A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local...
DEBIAN-CVE-2024-40725
A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local...
PT-2024-28364
"Source": "CVE FEED", "Title": "CVE-2024-39152 - Apache HTTP Server URI Redirect Defence bypass", "Content": "CVE ID : CVE-2024-39152 Published : July 18, 2024, 7:15 p.m. | 32 minutes ago Description : Rejected reason: DO NOT USE THIS CVE RECORD. Consult IDs: CVE-2024-6655. Reason: This record is...
Apache HTTP Server security vulnerability
Apache HTTP Server is an open source web server from the Apache Foundation of the United States. The server is fast, reliable and can be expanded through a simple API. An information disclosure vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to cause source code...
The vulnerability of the mod_proxy module in the Apache HTTP Server allows a hacker to cause a service failure.
The vulnerability of the mod_proxy module in the Apache HTTP Server is related to incorrect writing of a null pointer. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure through a specially crafted request...
httpd: mod_proxy_uwsgi HTTP response splitting
An HTTP Response Smuggling vulnerability was found in the Apache HTTP Server via mod_proxy_uwsgi. This security issue occurs when special characters in the origin response header can truncate or split the response forwarded to the client...
httpd: CONTINUATION frames DoS
A vulnerability was found in how Apache httpd implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers,...
DEBIAN-CVE-2024-39884
A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example,...
ALPINE-CVE-2024-39884
A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example,...