CVE-2022-29404

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody0 may cause a denial of service due to no default limit on possible input size...

DEBIAN-CVE-2022-30522

If Apache HTTP Server 2.4.53 is configured to do transformations with modsed in contexts where the input to modsed may be very large, modsed may make excessively large memory allocations and trigger an abort...

DEBIAN-CVE-2022-31813

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded- headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application...

ALPINE-CVE-2022-30522

If Apache HTTP Server 2.4.53 is configured to do transformations with modsed in contexts where the input to modsed may be very large, modsed may make excessively large memory allocations and trigger an abort...

UBUNTU-CVE-2022-28614

The aprwrite function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using aprwrite or aprputs, such as with modluas r:puts function. Modules compiled and distributed separately from Apache HTTP Server that use t...

UBUNTU-CVE-2022-28615

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in apstrcmpmatch when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...

UBUNTU-CVE-2022-30556

Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread that point past the end of the storage allocated for the buffer...

UBUNTU-CVE-2022-31813

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded- headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application...

UBUNTU-CVE-2022-29404

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody0 may cause a denial of service due to no default limit on possible input size...

Apache HTTP Server 输入验证错误漏洞

Apache HTTP Server is an open source web server from the Apache Foundation. The server is fast, reliable, and extensible via a simple API. Apache HTTP Server 2.4.53 and earlier versions are vulnerable to an input validation error. An attacker could exploit this vulnerability to read unexpected...

subversion: Subversion's mod_dav_svn is vulnerable to memory corruption

A use-after-free vulnerability was found in Subversion in the moddavsvn Apache HTTP server HTTPd module. While looking up path-based authorization authz rules, multiple calls to the postconfig hook can invalidate cached pointers to object-pools, which Subversion subsequently uses. This issue...

PyScript 2022-05-04-Alpha Source Code Disclosure

Exploit Title: PyScript Remote Emscripten VMemory Python libraries Source Codes Read Date: 5-9-2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://pyscript.net/ Software Link: https://github.com/pyscript/pyscript Version: 2022-05-04-Alpha Tested on: Ubuntu Apache Server CVE :...

PyScript - Read Remote Python Source Code

Exploit Title: PyScript Remote Emscripten VMemory Python libraries Source Codes Read Date: 5-9-2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://pyscript.net/ Software Link: https://github.com/pyscript/pyscript Version: 2022-05-04-Alpha Tested on: Ubuntu Apache Server CVE :...

The vulnerability of the phpinfo function (ext/standard/info.c) in the PHP programming language interpreter allows a hacker to disclose protected information.

The vulnerability of the phpinfo function ext/standard/info.c in the Apache HTTP Server and the PHP programming language interpreter relates to the disclosure of protected information. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...

The vulnerability of the php_handler function (sapi/apache2handler/sapi_apache2.c) in the PHP programming language allows a perpetrator to execute arbitrary code.

The vulnerability of the phphandler function sapi/apache2handler/sapiapache2.c in the Apache HTTP Server, a PHP programming language interpreter, exists due to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

CLSA-2022-1650575725 Update of php 5.3: Fix segfault during graceful Apache restart

ELS-42: Fix segfault during graceful Apache restart...

httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling

A flaw was found in httpd. The inbound connection is not closed when it fails to discard the request body, which may expose the server to HTTP request smuggling...

The vulnerability of the authentication and authorization module for the Apache 2.x HTTP server, Mod_auth_openidc, allows a perpetrator to compromise data integrity.

The vulnerability of the authentication and authorization module for the Apache 2.x HTTP server, Modauthopenidc, is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to compromise the integrity of data...

httpd: mod_lua: Possible buffer overflow when parsing multipart content

A buffer overflow flaw in httpd's lua module could allow an out-of-bounds write. An attacker who is able to submit a crafted request to an httpd instance that is using the lua module may be able to cause an impact to confidentiality, integrity, and/or availability...

The vulnerability of the oidc_validate_redirect_url() function in the authentication and authorization module for the Apache 2.x HTTP server Mod_auth_openidc allows a perpetrator to access sensitive data and compromise its integrity.

The vulnerability of the oidcvalidateredirecturl function in the authentication and authorization module for the Apache 2.x HTTP server Modauthopenidc is related to the use of open redirection. Exploiting this vulnerability allows a malicious actor to gain access to sensitive data and compromise...