AZL-31610 CVE-2023-43622 affecting package httpd for versions less than 2.4.58-1

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...

AZL-44955 CVE-2023-43622 affecting package mod_http2 for versions less than 2.0.29-3

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...

ALPINE-CVE-2023-43622

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...

UBUNTU-CVE-2023-43622

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...

Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST

...

CVE-2023-43622

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...

SUSE CVE-2023-31122

Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57...

Apache HTTP Server Resource Management Error Vulnerability

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable, and extensible via a simple API. A resource management error vulnerability exists in Apache HTTP Server versions 2.4.55 through 2.4.57, which originates when an attacker...

PT-2023-6292

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.4.58 Description The issue is related to the handling of HTTP/2 streams in the Apache HTTP Server. When a client resets an HTTP/2 stream using an RST frame, there is a time window where the request's memo...

Oracle Linux 7 : httpd (ELSA-2020-3958)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-3958 advisory. - Resolves: 1823262 - CVE-2020-1934 httpd: modproxyftp use of uninitialized value - Resolves: 1565491 - CVE-2017-15715 httpd: bypass with a trailing...

VulnCheck KEV: CVE-2023-38035

Ivanti Sentry, formerly known as MobileIron Sentry, contains an authentication bypass vulnerability that may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration...

Exploit for Code Injection in Citrix Netscaler_Application_Delivery_Controller

PoC exploit for CVE-2023-3519, an arbitrary file read vulnerabil...

File Upload Bypass Leads to Remote Code Execution (RCE)

Description Vulnerable file upload functionality that users can upload files. Although almost all files with extensions like php, phtml, etc. have been prevented, an attacker can still upload phps files and remote code execute . Condition The Apache server which is hosting the web application nee...

Unrestricted Upload File leads to Remote Code Execution

Description The upload file function is vulnerable that user can upload the file with other extensions .php, .phps, ... by using Magic Bytes technique. However, the .htaccess has almost prevented all the files with extensions such as php, phps, phtml, ... The attacker still can upload the hphp fi...

httpd: HTTP request splitting with mod_rewrite and mod_proxy

A vulnerability was found in httpd. This security issue occurs when some modproxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern...

The vulnerability of the mod_proxy_uwsgi component in the Apache HTTP Server is related to deficiencies in HTTP request processing, allowing attackers to carry out a “HTTP request hijacking” attack.

The vulnerability of the modproxyuwsgi component in the Apache HTTP Server is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to carry out an “HTTP request hijacking” attack...

httpd: HTTP request splitting with mod_rewrite and mod_proxy

A vulnerability was found in httpd. This security issue occurs when some modproxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern...

httpd: HTTP request splitting with mod_rewrite and mod_proxy

A vulnerability was found in httpd. This security issue occurs when some modproxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern...

httpd: HTTP request splitting with mod_rewrite and mod_proxy

A vulnerability was found in httpd. This security issue occurs when some modproxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern...

httpd: HTTP request splitting with mod_rewrite and mod_proxy

A vulnerability was found in httpd. This security issue occurs when some modproxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern...