1187 matches found

RedHat Linux
added 2022/11/15 9:58 a.m. | 2 views

httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody

A flaw was found in httpd, where it incorrectly limits the value of the LimitXMLRequestBody option. This issue can lead to an integer overflow and later causes an out-of-bounds write...

CVSS 9.1 | AI score 7.2 | EPSS 0.41861
Exploits 0 | References 5

OSV
added 2022/11/09 5:15 p.m. | 3 views

CVE-2021-34579

In Phoenix Contact: FL MGUARD DM version 1.12.0 and 1.13.0 access to the Apache web server being installed as part of the FL MGUARD DM on Microsoft Windows does not require login credentials even if configured during installation. Attackers with network access to the Apache web server can download...

CVSS 7.5 | AI score 5.8
Exploits 0 | References 1

RedHat Linux
added 2022/11/08 9:35 a.m. | 3 views

httpd: mod_lua: DoS in r:parsebody

A flaw was found in the mod_lua module of httpd. A malicious request to a Lua script that calls parsebody(0) can lead to a denial of service due to no default limit on the possible input size...

CVSS 7.5 | AI score 7.2 | EPSS 0.0564
Exploits 0 | References 5

RedHat Linux
added 2022/11/08 9:35 a.m. | 3 views

httpd: mod_lua: Information disclosure with websockets

A flaw was found in the mod_lua module of httpd. The data returned by the wsread function may point past the end of the storage allocated for the buffer, resulting in information disclosure...

CVSS 7.5 | AI score 7.1 | EPSS 0.04656
Exploits 0 | References 5

GithubExploit
added 2022/11/01 9:17 a.m. | 25 views

Exploit for Path Traversal in Apache Http_Server

It is an exploit module/toolkit targeting Apache path traversal...

CVSS 7.5 | AI score 7.7 | EPSS 0.99992
Exploits 145

RedHat Linux
added 2022/09/29 1:33 p.m. | 2 views

httpd: mod_proxy_ajp: Possible request smuggling

An HTTP request smuggling vulnerability was found in the mod_proxy_ajp module of httpd. This flaw allows an attacker to smuggle requests to the AJP server, where it forwards requests...

CVSS 7.5 | AI score 7.2 | EPSS 0.18886
Exploits 1 | References 5

RedHat Linux
added 2022/09/29 1:33 p.m. | 3 views

httpd: Out-of-bounds read via ap_rwrite()

An out-of-bounds read vulnerability was found in httpd. A very large input to the ap_rputs and ap_rwrite functions can lead to an integer overflow and result in an out-of-bounds read...

CVSS 5.3 | AI score 7.2 | EPSS 0.04398
Exploits 0 | References 5

BDU FSTEC
added 2022/07/06 12:0 a.m. | 2 views

The vulnerability of the mod_sed content filter in the Apache HTTP Server allows a hacker to induce a service failure.

The vulnerability of the mod_sed content filter in the Apache HTTP Server is related to unrestricted resource allocation. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...

CVSS 6.8 | AI score 6.9 | EPSS 0.90407
Exploits 1 | References 20 | Affected Software 10

BDU FSTEC
added 2022/07/06 12:0 a.m. | 2 views

The vulnerability of the mod_isapi module in the Apache HTTP Server allows a hacker to cause a service failure.

The vulnerability of the mod_isapi module in the Apache HTTP Server is related to operations performed outside the bounds of a memory buffer. Exploiting this vulnerability could allow a remote attacker to cause a service failure by sending a specially crafted HTTP request...

CVSS 7.5 | AI score 7.3 | EPSS 0.18886
Exploits 1 | References 12 | Affected Software 6

BDU FSTEC
added 2022/07/06 12:0 a.m. | 2 views

The vulnerability of the mod_lua module in the Apache HTTP Server allows a hacker to cause a service failure.

The vulnerability of the mod_lua module in the Apache HTTP Server is related to unrestricted resource allocation when processing the r:parsebody(0) function call. Exploiting this vulnerability allows a malicious actor to cause service failures by sending a specially crafted HTT...

CVSS 5.9 | AI score 6.8 | EPSS 0.18886
Exploits 1 | References 20 | Affected Software 10

BDU FSTEC
added 2022/07/06 12:0 a.m. | 4 views

The vulnerability of the mod_proxy_ajp module in the Apache HTTP Server allows a hacker to send hidden HTTP requests (HTTP Request Smuggling attack).

The vulnerability of the mod_proxy_ajp module in the Apache HTTP Server is related to improper handling of HTTP requests. Exploiting this vulnerability allows a remote attacker to send hidden HTTP requests (HTTP Request Smuggling attack)...

CVSS 6.4 | AI score 6.9 | EPSS 0.18886
Exploits 1 | References 19 | Affected Software 10

BDU FSTEC
added 2022/07/06 12:0 a.m. | 4 views

The vulnerability of the ap_strcmp_match() function in the Apache HTTP Server allows a hacker to cause a service failure or gain unauthorized access to protected information.

The vulnerability of the ap_strcmp_match() function in the Apache HTTP Server is related to integer overflow. Exploiting this vulnerability could allow a remote attacker to cause service failures or gain unauthorized access to protected information by sending a specially crafted HTTP request...

CVSS 4 | AI score 7 | EPSS 0.18886
Exploits 1 | References 20 | Affected Software 10

BDU FSTEC
added 2022/07/06 12:0 a.m. | 2 views

The vulnerability of the mod_proxy module in the Apache HTTP Server allows attackers to circumvent security restrictions.

The vulnerability of the mod_proxy module in the Apache HTTP Server is related to insufficient validation of data authenticity or the use of unreliable sources for processing X-Forwarded-* headers. Exploiting this vulnerability allows a malicious actor to bypass security restrictions remotely...

CVSS 6.5 | AI score 7.1 | EPSS 0.18886
Exploits 2 | References 21 | Affected Software 11

Prion
added 2022/06/24 3:15 p.m. | 12 views

Default credentials

The www-data Apache web server account is configured to run sudo with no password for many commands including /bin/sh and /bin/bash...

CVSS 7.5 | AI score 9.6 | EPSS 0.00912
Exploits 0 | References 1 | Affected Software 1

OSV
added 2022/06/09 5:15 p.m. | 1 view

ALPINE-CVE-2022-30556

Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer...

CVSS 7.5 | AI score 6.9 | EPSS 0.04656
Exploits 0 | References 1

OSV
added 2022/06/09 5:15 p.m. | 4 views

ALPINE-CVE-2022-31813

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application...

CVSS 9.8 | AI score 7.1 | EPSS 0.0314
Exploits 1 | References 1

OSV
added 2022/06/09 5:15 p.m. | 1 view

DEBIAN-CVE-2022-29404

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size...

CVSS 7.5 | AI score 8 | EPSS 0.0564
Exploits 0 | References 1

ATTACKERKB
added 2022/06/09 5:15 p.m. | 1 view

CVE-2022-28330

Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module...

CVSS 5.3 | AI score 5.9 | EPSS 0.03375
Exploits 0 | References 4

ATTACKERKB
added 2022/06/09 5:15 p.m. | 2 views

CVE-2022-28614

The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_lua's r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use t...

CVSS 5.3 | AI score 6.8 | EPSS 0.04398
Exploits 0 | References 9

ATTACKERKB
added 2022/06/09 5:15 p.m. | 1 view

CVE-2022-30522

If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort...

CVSS 7.5 | AI score 7.1 | EPSS 0.90407
Exploits 0 | References 9 | Affected Software 1