SUSE CVE-2021-40438

A crafted request uri-path can cause modproxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...

SUSE CVE-2021-42013

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default...

SUSE CVE-2021-44790

A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier...

SUSE CVE-2022-22720

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling...

SUSE CVE-2022-23943

Out-of-bounds Write vulnerability in modsed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions...

SUSE CVE-2022-30522

If Apache HTTP Server 2.4.53 is configured to do transformations with modsed in contexts where the input to modsed may be very large, modsed may make excessively large memory allocations and trigger an abort...

SUSE CVE-2022-30556

Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread that point past the end of the storage allocated for the buffer...

SUSE CVE-2022-36760

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions...

USN-5834-1 apache2 vulnerabilities

It was discovered that the Apache HTTP Server moddav module did not properly handle specially crafted request headers. A remote attacker could possibly use this issue to cause the process to crash, leading to a denial of service. CVE-2006-20001 It was discovered that the Apache HTTP Server...

The vulnerability of the mod_proxy_ajp module in the Apache HTTP Server allows a hacker to send hidden HTTP requests (HTTP Request Smuggling attack).

The vulnerability of the modproxyajp module in the Apache HTTP Server is related to deficiencies in header processing for Transfer-Encoding. Exploiting this vulnerability allows a malicious actor to send hidden HTTP requests HTTP Request Smuggling attacks...

DEBIAN-CVE-2006-20001

A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier...

AZL-43456 CVE-2022-37436 affecting package mod_http2 1.15.14-2

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client...

ALPINE-CVE-2006-20001

A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier...

ALPINE-CVE-2022-37436

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client...

UBUNTU-CVE-2022-23527

modauthopenidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidcvalidateredirecturl does not properly check fo...

mod_auth_openidc 输入验证错误漏洞

modauthopenidc is a software application. It is an authentication/authorization module for the Apache 2.x HTTP server that is used as an OpenID Connect dependency to authenticate users against the OpenID Connect provider. An input validation error vulnerability exists in modauthopenidc prior to...

httpd: mod_isapi: out-of-bounds read

An out-of-bounds read vulnerability was found in the modisapi module of httpd. The issue occurs when httpd is configured to process requests with the modisapi module...

httpd: Out-of-bounds read via ap_rwrite()

An out-of-bounds read vulnerability was found in httpd. A very large input to the aprputs and aprwrite functions can lead to an integer overflow and result in an out-of-bounds read...

httpd: Out-of-bounds read in ap_strcmp_match()

An out-of-bounds read vulnerability was found in httpd. A very large input to the apstrcmpmatch function can lead to an integer overflow and result in an out-of-bounds read...

httpd: mod_sed: DoS vulnerability

A flaw was found in the modsed module of httpd. A very large input to the modsed module can result in a denial of service due to excessively large memory allocations...