5714 matches found
PT-2024-4844
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions prior to 2.4.62 Description: The issue is related to a Server-side Request Forgery SSRF vulnerability in the mod rewrite module of the Apache HTTP Server on Windows. This vulnerability can be exploited by a remote...
Exploit for Path Traversal in Apache Http_Server
Installation et Exécution du script 💻 Prérequis Avant de...
Exploit for Path Traversal in Apache Http_Server
Installation et Exécution du script 💻 Prérequis Avant de...
EulerOS 2.0 SP9 : httpd (EulerOS-SA-2024-1936)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.CVE-2023-38709...
Security Bulletin: Vulnerability with Perl, Snappy, Psf Request, spring-web-5.3.33.jar , Apache HTTP Server, OpenJDK, affect IBM Cloud Object Storage Systems (July 2024v1)
Summary Vulnerability with Perl CVE-2023-47038, Snappy CVE-2024-36124, Psf Request CVE-2024-35195, spring-web-5.3.33.jar CVE-2024-22262 , Apache HTTP Server, CVE-2024-24795, CVE-2023-38709 OpenJDK CVE-2024-21094, CVE-2024-21011, CVE-2024-21085, CVE-2024-21068, CVE-2024-21012,. This vulnerability...
The vulnerability of the WebSocket protocol in the Apache HTTP Server web server allows a attacker to induce a service failure.
The vulnerability of the WebSocket protocol in the Apache HTTP Server is related to the assignment of a null pointer. Exploiting this vulnerability could allow a malicious actor to cause a service failure...
[SECURITY] [DSA 5729-1] apache2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5729-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 11, 2024 https://www.debian.org/security/faq -...
USN-6885-2: Apache HTTP Server regression
USN-6885-1 fixed vulnerabilities in Apache HTTP Server. One of the security fixes introduced a regression when proxying requests to a HTTP/2 server. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Marc Stern discovered that the Apache HTTP Server...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : Apache HTTP Server regression (USN-6885-2)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6885-2 advisory. USN-6885-1 fixed vulnerabilities in Apache HTTP Server. One of the security fixes introduced a regression when proxying requests to a HTTP...
RHEL 9 : httpd (RHSA-2024:4504)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4504 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modproxyuwsgi HTTP respon...
Mageia: Security Advisory (MGASA-2024-0258)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
BIT-APACHE-2024-39884 Apache HTTP Server: source code disclosure with handlers configured via AddType
A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example,...
MGASA-2024-0258 Updated apache packages fix security vulnerabilities
Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance. CVE-2024-36387 Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encodin...
Server Side Request Forgery (SSRF)
Apache HTTP Server 2.4.59 is vulnerable to SSRF. The vulnerability is due to a missing validation in response headers leading to information disclosure, SSRF or local script execution via backend applications which have malicious or exploitable header...
NULL Pointer Dereference
modproxy in Apache HTTP Server is vulnerable to NULL Pointer Dereference. The vulnerability is caused due to not checking pointer reference for NULL before accessing it. This allows an attacker to crash the server via a malicious request...
Authentication Bypass
modproxy in Apache HTTP Server is vulnerable to Authentication Bypass. The vulnerability is caused due to encoding problem. This allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests...
Improper Encoding
Apache HTTP Server is vulnerable to Improper Encoding. The vulnerability is caused due to Substitution encoding issue in modrewrite. This allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to...
PT-2024-5185 · Apache +6 · Apache Http Server +6
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.61 Description: The issue is related to the core of Apache HTTP Server, where a partial fix ignores some use of the legacy content-type based configuration of handlers. This can result in source code disclosure...
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Apache HTTP Server vulnerabilities (USN-6885-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6885-1 advisory. Marc Stern discovered that the Apache HTTP Server incorrectly handled serving WebSocket protocol upgrades over HTTP/2...
The vulnerability of the Apache HTTP Server’s kernel, related to the inclusion of functions from an unreliable controlled area, allows attackers to execute arbitrary code.
The vulnerability of the Apache HTTP Server’s kernel is related to the inclusion of functions from an unverified controlled area. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by launching local handlers through internal redirection...