
59979 matches found

GithubExploit
added 2026/05/20 3:31 p.m., 47 views

Exploit for Path Traversal in Apache Http_Server

CVE-2021-41773-Po...

CVSS 9.8, AI score 7.3, EPSS 0.94391
Exploits: 144
AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux - vulnerability in apache2

A potential vulnerability in mod_rewrite in the Apache HTTP Server 2.4.59 and earlier versions allows an attacker to cause unsafe RewriteRules to unexpectedly set up URLs to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

CVSS 7.5, AI score 6.7, EPSS 0.02584
Exploits: 0, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 6 views

Astra Linux - vulnerability in apache2

Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL. This enables the attacker to execute code or disclose...

CVSS 9.1, AI score 7.6, EPSS 0.93858
Exploits: 1, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 8 views

Astra Linux - vulnerability in apache2

A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some uses of the legacy content-type-based configuration of handlers. Configurations like “AddType” and similar ones, under certain circumstances where files are requested indirectly, can lead to exposure of local...

CVSS 5.3, AI score 6.7, EPSS 0.25097
Exploits: 3, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 7 views

Astra Linux - vulnerability in apache2

There is a vulnerability in the core of the Apache HTTP Server version 2.4.59 and earlier. This vulnerability allows for information disclosure, SSRF attacks, or local script execution through backend applications whose response headers are malicious or exploitable. Users are recommended to upgra...

CVSS 9.8, AI score 7.1, EPSS 0.04673
Exploits: 0, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 11 views

Astra Linux - vulnerability in modsecurity-apache

ModSecurity is an open-source, cross-platform Web application firewall (WAF) engine for Apache, IIS, and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in a specific scenario: when the payload’s content type is application/json, and there is at least one rule that...

CVSS 7.5, AI score 7.4, EPSS 0.00615
Exploits: 1, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 10 views

Astra Linux - vulnerability in apache2

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58...

CVSS 7.3, AI score 6.8, EPSS 0.04358
Exploits: 0, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 11 views

Astra Linux - vulnerability in apache2

Inconsistent interpretation of HTTP requests: The “HTTP Request Smuggling” vulnerability in mod_proxy_ajp of the Apache HTTP Server allows an attacker to secretly send requests to the AJP server to which the server forwards requests. This issue affects the Apache HTTP Server version 2.4.53 and...

CVSS 7.5, AI score 7.8, EPSS 0.32376
Exploits: 1, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 11 views

Astra Linux - vulnerability in apache2

The out-of-bounds write vulnerability in the mod_sed module of the Apache HTTP Server allows an attacker to overwrite heap memory with data provided by the attacker. This issue affects Apache HTTP Server version 2.4.2.52 and earlier versions...

CVSS 9.8, AI score 7.3, EPSS 0.60552
Exploits: 0, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in apr-util

An integer overflow or wrap-around vulnerability in the apr_base64 functions of the Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond the bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) version 1.6.1 and earlier...

CVSS 6.5, AI score 6.4, EPSS 0.00059
Exploits: 0, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 5 views

Astra Linux - vulnerability in apache2

In some mod_ssl configurations of the Apache HTTP Server, in versions up to 2.4.63, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session through a TLS upgrade. Only configurations that use “SSLEngine optional” to enable TLS upgrades are affected. Users a...

CVSS 7.4, AI score 7, EPSS 0.00446
Exploits: 0, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in apache2

The Apache HTTP Server versions 2.4.6 to 2.4.46, with the mod_proxy_wstunnel module configured, were used to handle a URL. The origin server did not necessarily upgrade this connection. This setup allowed subsequent requests on the same connection to be processed without any HTTP validation,...

CVSS 5.3, AI score 6.6, EPSS 0.12438
Exploits: 0, References: 1
AstraLinux
added 2026/05/20 5:53 a.m., 5 views

Astra Linux - vulnerability in tomcat9

There is an improper input validation vulnerability in Apache Tomcat. In versions of Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82, and from 8.5.0 through 8.5.95, HTTP trailer headers were not parsed correctly. A trailer header that exceede...

CVSS 7.5, AI score 6.7, EPSS 0.53163
Exploits: 0, References: 1
AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux - vulnerability in apache2

A substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attackers to execute scripts in directories permitted by the configuration, but these directories are not directly accessible via URLs. Additionally, the source of these scripts may not be disclosed, as th...

CVSS 9.8, AI score 7.2, EPSS 0.01022
Exploits: 0, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 9 views

Astra Linux - vulnerability in apache2

An encoding problem in the mod_proxy component of the Apache HTTP Server 2.4.59 and earlier versions allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication through crafted requests. It is recommended that users upgrade to version 2.4.60, as...

CVSS 8.1, AI score 6.7, EPSS 0.88359
Exploits: 1, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 5 views

Astra Linux - vulnerability in apache2

A properly crafted URI sent to httpd, configured as a forward proxy with ProxyRequests enabled, can cause a crash (NULL pointer dereference). In configurations that mix forward and reverse proxy declarations, it can also allow requests to be directed to a declared Unix Domain Socket endpoint...

CVSS 8.2, AI score 7.1, EPSS 0.0925
Exploits: 0, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in apache-log4j1.2

CVE-2020-9493 identified a deserialization issue present in Apache Chainsaw. Prior to Chainsaw V2.0, Chainsaw was a component of Apache Log4j 1.2.x, and the same issue still exists there...

CVSS 9, AI score 7.2, EPSS 0.02603
Exploits: 0, References: 1
AstraLinux
added 2026/05/20 5:53 a.m., 5 views

Astra Linux - vulnerability in apache2

The Apache HTTP Server protocol handler for the HTTP/2 protocol checks the received request headers against the size limitations configured for the server. These restrictions are also applied to the HTTP/1 protocol. If any violations occur, an HTTP response is sent to the client with a status cod...

CVSS 7.5, AI score 7.2, EPSS 0.11001
Exploits: 0, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 9 views

Astra Linux - vulnerability in apache2

In some mod_ssl configurations on the Apache HTTP Server 2.4.35 through 2.4.63, it is possible for trusted clients to bypass access controls using TLS 1.3 session resumption. These configurations are affected when mod_ssl is configured for multiple virtual hosts, with each virtual host being...

CVSS 9.1, AI score 7.4, EPSS 0.00058
Exploits: 1, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 5 views

Astra Linux - vulnerability in thrift

In Apache Thrift versions 0.9.3 to 0.13.0, malicious RPC clients could send short messages, resulting in a large memory allocation and potentially causing a denial of service...

CVSS 7.5, AI score 6.8, EPSS 0.00734
Exploits: 0, References: 1