Lucene search
K

266 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 6:9 a.m.7 views

SUSE CVE-2008-0005

modproxyftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting XSS attacks using UTF-7 encoding...

4.3CVSS6.2AI score0.14611EPSS
Exploits2References5
OSV
OSV
added 2023/01/17 8:15 p.m.9 views

AZL-13027 CVE-2022-36760 affecting package httpd for versions less than 2.4.55-1

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions...

9CVSS6.6AI score0.01879EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2022/12/16 8:18 p.m.58 views

K23565223: Apache vulnerability CVE-2017-9788

Security Advisory Description In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in Proxy-Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by modauthdigest. Providing an initial key with no '='...

9.1CVSS7.2AI score0.5677EPSS
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2022/02/22 12:0 a.m.5 views

VulnCheck KEV: CVE-2018-1303

A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of modcachesocache. The vulnerability is...

7.5CVSS7.1AI score0.70783EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/21 6:32 a.m.41 views

Security Bulletin: IBM Tivoli System Automation Application Manager is vulnerable to Apache Log4j vulnerability (CVE-2021-44228)

Summary A vulnerability was identified within the Apache Log4j library that is used by a component of IBM Tivoli System Automation Application Manager. This vulnerability has been addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

10CVSS3AI score0.99999EPSS
Exploits351Affected Software1
Malwarebytes
Malwarebytes
added 2021/10/11 11:2 a.m.22 views

A week in security (Oct 4 – Oct 10)

Last week on Malwarebytes Labs Does Cybersecurity Awareness Month actually improve security? Police take a piece out of a ransomware gang, but won’t say which one Neiman Marcus data breach affects millions Windows 11 is out. Is it any good for security? Criminals were inside Syniverse for 5 years...

7.3AI score
Exploits0
OpenVAS
OpenVAS
added 2020/09/02 12:0 a.m.36 views

Western Digital My Cloud Multiple Products < 2.31.183 Multiple Vulnerabilities

Multiple Western Digital My Cloud products are prone to multiple vulnerabilities. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This progr...

9CVSS8AI score0.65005EPSS
Exploits9References3
Gitee
Gitee
added 2020/06/18 3:22 p.m.9 views

Exploit for Improper Encoding or Escaping of Output in F5 Nginx

It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID is not explicitly stated, but the repository contains various vulnerable environments and exploits for different vulnerabilities, including CVE-2016-9086, CVE-2017-1000353, CVE-2013-4547,...

9.8CVSS8.1AI score0.99686EPSS
Exploits53
BDU FSTEC
BDU FSTEC
added 2019/12/03 12:0 a.m.4 views

The vulnerability of the mod_cache_socache module in the Apache HTTP Server, related to reading data beyond the buffer’s acceptable limit, allows attackers to cause service failures.

The vulnerability of the modcachesocache module in the Apache HTTP Server relates to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to cause service interruptions...

5.3CVSS7.5AI score0.70783EPSS
Exploits0References16Affected Software5
Gitee
Gitee
added 2019/10/05 6:47 p.m.5 views

vulhub

It is an offensive tool for Vulnerability Research and Training. The repository, vulhub, contains pre-built vulnerable environments based on Docker-Compose. The primary vulnerability is not explicitly stated, but the repository includes various vulnerable environments, such as Flask SSTI, Apache...

6.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/11/02 12:0 a.m.22 views

F5 Networks BIG-IP : Apache vulnerability (K42644206)

Apache modules apacheauthtokenmod and modauthf5authtoken.cpp allow possible unauthenticated bruteforce on the emserverip authorization parameter to obtain which SSL client certificates used for mutual authentication between BIG-IQ or Enterprise Manager EM andmanaged BIG-IP devices. CVE-2017-6146...

0.7AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/11/02 12:0 a.m.29 views

F5 Networks BIG-IP : Apache vulnerability (K65355492)

Apache modules apacheauthtokenmod and modauthf5authtoken.cpp allow possible unauthenticated bruteforce on the emserverip authorization parameter to obtain which SSL client certificates used for mutual authentication between BIG-IQ or Enterprise Manager EM and managed BIG-IP devices. CVE-2018-5506...

9.8CVSS8.4AI score0.0073EPSS
Exploits0References2
OSV
OSV
added 2018/09/25 9:29 p.m.3 views

ALPINE-CVE-2018-11763

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol...

5.9CVSS6.9AI score0.51002EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2018/08/03 4:23 a.m.29 views

Security Bulletin: Rational Asset Analyzer (RAA) is affected by an Open Source Commons FileUpload Apache vulnerability.

Summary Asset Analyzer RAA has addressed the following vulnerability. Open Source Commons FileUpload Apache Vulnerabilities Vulnerability Details CVEID: CVE-2016-1000031 DESCRIPTION: Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to...

9.8CVSS1.8AI score0.34731EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/07/31 2:56 a.m.26 views

Security Bulletin: IBM Security Identity Manager is affected by an Apache vulnerability.

Summary IBM Security Identity Manager ISIM has addressed the following vulnerability. Apache Commons FileUpload could allow a remote attacker to execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2016-1000031 DESCRIPTION: Apache Commons FileUpload, as used in Novell NetIQ...

9.8CVSS2.6AI score0.34731EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/05/24 12:0 a.m.193 views

F5 Networks BIG-IP : Apache vulnerability (K00373024)

Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-en...

7.5CVSS6.4AI score0.13252EPSS
Exploits0References3
F5 Networks
F5 Networks
added 2017/12/20 9:45 p.m.104 views

Apache vulnerability CVE-2017-6146

F5 Product Development has assigned ID 572272 BIG-IP and ID 663962 Enterprise Manager to this vulnerability. To determine if your product and version have been evaluated for this vulnerability, refer to the Applies to see versions box. To determine if your release is known to be vulnerable, the...

1.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/09/20 12:0 a.m.84 views

FreeBSD : Apache -- HTTP OPTIONS method can leak server memory (76b085e2-9d33-11e7-9260-000c292ee6b8) (Optionsbleed)

The Fuzzing Project reports : Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x...

7.5CVSS6.9AI score0.94999EPSS
Exploits9References2
RedHat Linux
RedHat Linux
added 2016/06/30 9:6 p.m.6 views

wss4j: Apache WSS4J is vulnerable to Bleichenbacher's attack (incomplete fix for CVE-2011-2487)

It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption CVE-2011-2487 threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote...

7.5CVSS6.5AI score0.05501EPSS
Exploits0References4
myhack58
myhack58
added 2016/06/22 12:0 a.m.19 views

Theory PHP Common Vulnerabilities first bomb: installation problems-vulnerability warning-the black bar safety net

First get a copy of the source code, certainly is the first install, and the installation file will often appear problem. Generally the installation file after the installation is complete, basically not automatically delete the install file, I encountered will be automatically deleted if it...

7AI score
Exploits0
Rows per page
Query Builder