266 matches found
SUSE CVE-2008-0005
modproxyftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting XSS attacks using UTF-7 encoding...
AZL-13027 CVE-2022-36760 affecting package httpd for versions less than 2.4.55-1
Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions...
K23565223: Apache vulnerability CVE-2017-9788
Security Advisory Description In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in Proxy-Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by modauthdigest. Providing an initial key with no '='...
VulnCheck KEV: CVE-2018-1303
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of modcachesocache. The vulnerability is...
Security Bulletin: IBM Tivoli System Automation Application Manager is vulnerable to Apache Log4j vulnerability (CVE-2021-44228)
Summary A vulnerability was identified within the Apache Log4j library that is used by a component of IBM Tivoli System Automation Application Manager. This vulnerability has been addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...
A week in security (Oct 4 – Oct 10)
Last week on Malwarebytes Labs Does Cybersecurity Awareness Month actually improve security? Police take a piece out of a ransomware gang, but won’t say which one Neiman Marcus data breach affects millions Windows 11 is out. Is it any good for security? Criminals were inside Syniverse for 5 years...
Western Digital My Cloud Multiple Products < 2.31.183 Multiple Vulnerabilities
Multiple Western Digital My Cloud products are prone to multiple vulnerabilities. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This progr...
Exploit for Improper Encoding or Escaping of Output in F5 Nginx
It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID is not explicitly stated, but the repository contains various vulnerable environments and exploits for different vulnerabilities, including CVE-2016-9086, CVE-2017-1000353, CVE-2013-4547,...
The vulnerability of the mod_cache_socache module in the Apache HTTP Server, related to reading data beyond the buffer’s acceptable limit, allows attackers to cause service failures.
The vulnerability of the modcachesocache module in the Apache HTTP Server relates to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to cause service interruptions...
vulhub
It is an offensive tool for Vulnerability Research and Training. The repository, vulhub, contains pre-built vulnerable environments based on Docker-Compose. The primary vulnerability is not explicitly stated, but the repository includes various vulnerable environments, such as Flask SSTI, Apache...
F5 Networks BIG-IP : Apache vulnerability (K42644206)
Apache modules apacheauthtokenmod and modauthf5authtoken.cpp allow possible unauthenticated bruteforce on the emserverip authorization parameter to obtain which SSL client certificates used for mutual authentication between BIG-IQ or Enterprise Manager EM andmanaged BIG-IP devices. CVE-2017-6146...
F5 Networks BIG-IP : Apache vulnerability (K65355492)
Apache modules apacheauthtokenmod and modauthf5authtoken.cpp allow possible unauthenticated bruteforce on the emserverip authorization parameter to obtain which SSL client certificates used for mutual authentication between BIG-IQ or Enterprise Manager EM and managed BIG-IP devices. CVE-2018-5506...
ALPINE-CVE-2018-11763
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol...
Security Bulletin: Rational Asset Analyzer (RAA) is affected by an Open Source Commons FileUpload Apache vulnerability.
Summary Asset Analyzer RAA has addressed the following vulnerability. Open Source Commons FileUpload Apache Vulnerabilities Vulnerability Details CVEID: CVE-2016-1000031 DESCRIPTION: Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to...
Security Bulletin: IBM Security Identity Manager is affected by an Apache vulnerability.
Summary IBM Security Identity Manager ISIM has addressed the following vulnerability. Apache Commons FileUpload could allow a remote attacker to execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2016-1000031 DESCRIPTION: Apache Commons FileUpload, as used in Novell NetIQ...
F5 Networks BIG-IP : Apache vulnerability (K00373024)
Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-en...
Apache vulnerability CVE-2017-6146
F5 Product Development has assigned ID 572272 BIG-IP and ID 663962 Enterprise Manager to this vulnerability. To determine if your product and version have been evaluated for this vulnerability, refer to the Applies to see versions box. To determine if your release is known to be vulnerable, the...
FreeBSD : Apache -- HTTP OPTIONS method can leak server memory (76b085e2-9d33-11e7-9260-000c292ee6b8) (Optionsbleed)
The Fuzzing Project reports : Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x...
wss4j: Apache WSS4J is vulnerable to Bleichenbacher's attack (incomplete fix for CVE-2011-2487)
It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption CVE-2011-2487 threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote...
Theory PHP Common Vulnerabilities first bomb: installation problems-vulnerability warning-the black bar safety net
First get a copy of the source code, certainly is the first install, and the installation file will often appear problem. Generally the installation file after the installation is complete, basically not automatically delete the install file, I encountered will be automatically deleted if it...