CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5713 matches found

RedHat Linux•added 2024/07/25 8:34 a.m.•2 views

httpd: NULL pointer dereference in mod_proxy

A flaw was found in the modproxy module of httpd. A NULL pointer dereference can be triggered when processing a specially crafted HTTP request, causing the httpd server to crash, and resulting in a denial of service...

7.5CVSS7AI score0.01924EPSS

Exploits0References5

VulnCheck KEV•added 2024/07/25 12:0 a.m.•0 views

VulnCheck KEV: CVE-2023-25690

Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...

9.8CVSS6.8AI score0.67011EPSS

Exploits5References1

Tenable Nessus•added 2024/07/25 12:0 a.m.•39 views

RHEL 9 : httpd (RHSA-2024:4863)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4863 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Substitution...

9.8CVSS8.2AI score0.93858EPSS

Exploits1References8

RedHat Linux•added 2024/07/24 1:18 p.m.•4 views

httpd: NULL pointer dereference in mod_proxy

7.5CVSS7AI score0.01924EPSS

Exploits0References5

RedHat Linux•added 2024/07/24 12:40 p.m.•3 views

httpd: NULL pointer dereference in mod_proxy

7.5CVSS7AI score0.01924EPSS

Exploits0References5

Tenable Nessus•added 2024/07/24 12:0 a.m.•43 views

RHEL 8 : httpd:2.4 (RHSA-2024:4827)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4827 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Substitution...

9.8CVSS8.2AI score0.93858EPSS

Exploits1References8

Tenable Nessus•added 2024/07/24 12:0 a.m.•50 views

RHEL 8 : httpd:2.4 (RHSA-2024:4830)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4830 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Substitution...

9.8CVSS8.2AI score0.93858EPSS

Exploits1References8

Amazon•added 2024/07/24 12:0 a.m.•50 views

Important: httpd24

Issue Overview: Substitution encoding issue in modrewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Users are...

9.8CVSS8.3AI score0.93858EPSS

Exploits1

Tenable Nessus•added 2024/07/24 12:0 a.m.•40 views

RHEL 8 : httpd:2.4 (RHSA-2024:4820)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4820 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Substitution...

9.8CVSS8.2AI score0.93858EPSS

Exploits1References8

RedHat Linux•added 2024/07/23 8:57 a.m.•500 views

Important: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS7AI score0.93858EPSS

Exploits2References6

OSV•added 2024/07/23 7:16 a.m.•32 views

BIT-APACHE-2024-40725 Apache HTTP Server: source code disclosure with handlers configured via AddType

A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local...

5.3CVSS6.6AI score0.25097EPSS

Exploits3References3

OSV•added 2024/07/23 7:16 a.m.•45 views

BIT-APACHE-2024-40898 Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows

SSRF in Apache HTTP Server on Windows with modrewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue...

9.1CVSS7.3AI score0.00735EPSS

Exploits5References4

Tenable Nessus•added 2024/07/23 12:0 a.m.•241 views

RHEL 8 : httpd:2.4 (RHSA-2024:4720)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4720 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Encoding problem...

9.8CVSS7.7AI score0.93858EPSS

Exploits2References12

OSV•added 2024/07/23 12:0 a.m.•41 views

ALSA-2024:4726 Important: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Improper escaping of output in modrewrite CVE-2024-38475 httpd: Substitution encoding issue in modrewrite CVE-2024-38474 httpd: null pointer dereference in modproxy...

9.8CVSS8AI score0.93858EPSS

Exploits2References12

Tenable Nessus•added 2024/07/23 12:0 a.m.•48 views

RHEL 9 : httpd (RHSA-2024:4726)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4726 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Improper escapin...

9.8CVSS7.7AI score0.93858EPSS

Exploits2References12

AlmaLinux•added 2024/07/23 12:0 a.m.•54 views

Important: httpd security update

9.8CVSS7.3AI score0.93858EPSS

Exploits2References12

Tenable Nessus•added 2024/07/23 12:0 a.m.•61 views

Amazon Linux 2 : httpd (ALAS-2024-2594)

The version of httpd installed on the remote host is prior to 2.4.61-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2594 advisory. Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sen...

9.8CVSS8.1AI score0.93858EPSS

Exploits2References16

Tenable Nessus•added 2024/07/23 12:0 a.m.•47 views

RHEL 8 : httpd:2.4 (RHSA-2024:4719)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4719 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Substitution...

9.8CVSS8.2AI score0.93858EPSS

Exploits1References8

RedhatCVE•added 2024/07/22 5:37 p.m.•42 views

CVE-2024-40898

A flaw was found in HTTPd on Windows systems. This issue potentially allows NTLM hashes to be leaked via modrewrite in server/vhost context to a malicious server via Server-side request forgery SSRF and malicious requests or content. Mitigation Mitigation for this issue is either not available or...

7.5CVSS8.9AI score0.00735EPSS

Exploits5References4