Astra Linux - vulnerability in batik
A Server-Side Request Forgery (SSRF) vulnerability exists in Batik of Apache XML Graphics, allowing attackers to retrieve external resources. This issue affects Apache XML Graphics Batik version 1.14...
Astra Linux - vulnerability in apache2
In some mod_ssl configurations on the Apache HTTP Server 2.4.35 through 2.4.63, it is possible for trusted clients to bypass access controls using TLS 1.3 session resumption. These configurations are affected when mod_ssl is configured for multiple virtual hosts, with each virtual host being...
Astra Linux - vulnerability in tomcat9
There is a vulnerability related to improper input validation in Apache Tomcat. Tomcat does not restrict HTTP/0.9 requests to only the GET method. If a security constraint is configured to allow HEAD requests to a URI but deny GET requests, users could bypass this constraint on GET requests by...
Astra Linux - vulnerability in apache2
A regression in Apache HTTP Server 2.4.60 ignores some uses of the legacy content-type-based configuration for handlers. Configurations like “AddType” and similar settings, under certain circumstances where files are requested indirectly, lead to source code disclosure of local content. For...
Astra Linux - vulnerability in tomcat9
There is a vulnerability in Apache Tomcat known as “Allocation of Resources Without Limits or Throttling”. This issue affects Apache Tomcat versions ranging from 11.0.0-M1 to 11.0.21, from 10.1.0-M1 to 10.1.54, and from 9.0.0.M1 to 9.0.117. Older, unsupported versions may also be affected. It is...
Astra Linux - vulnerability in apache2
In the Apache HTTP Server with mod_proxy loaded, SSRF allows an attacker to send outbound proxy requests to a URL controlled by the attacker. This requires an unusual configuration where mod_headers is used to modify the Content-Type header of the request or response, with a value provided in the HT...
Astra Linux - vulnerability in apache2
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a Lua script that calls r:parsebody(0) may cause a denial of service due to the lack of a default limit on the possible input size...
Astra Linux - vulnerability in apache2
An integer overflow occurs when attempting to renew an ACME certificate. After several attempts (approximately 30 days under default configurations), the backoff timer becomes 0. Subsequent attempts to renew the certificate are repeated without delay until success is achieved. This issue affects th...
Astra Linux - vulnerability in apache2
A double-free and potential RCE vulnerability exists in the Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server version 2.4.66. Users are recommended to upgrade to version 2.4.67, as this version fixes the vulnerability...
Astra Linux - vulnerability in apache2
In Apache HTTP Server 2.4.59 and earlier, a null pointer dereference vulnerability in mod_proxy allows an attacker to crash the server through a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
Astra Linux - vulnerability in apache2
An improper neutralization of escape, meta, or control sequences vulnerability exists in the Apache HTTP Server: environment variables set through Apache configuration unexpectedly override variables calculated by the server for CGI programs. This issue affects the Apache HTTP...
Astra Linux - vulnerability in tomcat9
DEPRECATED: There is a vulnerability related to authentication bypass in digest authentication in Apache Tomcat. This issue affects Apache Tomcat versions as follows: 11.0.0-M1 through 11.0.21, 10.1.0-M1 through 10.1.54, 9.0.0.M1 through 9.0.117, 8.5.0 through 8.5.100, and versions prior to 7.0.0...
Astra Linux - vulnerability in apache2
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. None of the included modules passes untrusted data to these functions, but third-party/external modules may do so. This issue affects Apache HTTP Server 2.4.48 and earlier...
Astra Linux - vulnerability in apache2
A crafted request URI path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...
Astra Linux - vulnerability in batik
A Server-Side Request Forgery (SSRF) vulnerability exists in Batik of Apache XML Graphics, allowing an attacker to load a URL through the jar protocol. This issue affects Apache XML Graphics Batik 1.14...
Astra Linux - vulnerability in apache2
A carefully crafted request body can cause a read to a random memory area, which may lead to the process crashing. This issue affects Apache HTTP Server 2.4.52 and earlier...
Astra Linux - vulnerability in tomcat9
Denial of service due to an incomplete cleanup vulnerability in Apache Tomcat. WebSocket clients were able to keep WebSocket connections open, leading to increased resource consumption. This issue affects Apache Tomcat versions from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18,...
Astra Linux - vulnerability in apache2
If the Apache HTTP Server 2.4.53 is configured to perform transformations using mod_sed, especially in contexts where the input to mod_sed can be very large, mod_sed may cause excessive memory allocation and trigger an abort...
Astra Linux - vulnerability in tomcat9
Apache Tomcat has a relative path traversal vulnerability. The fix for bug 60013 introduced a regression, where the rewritten URL was normalized before being decoded. This created the possibility that, for rewrite rules that rewrite query parameters into the URL, an attacker could manipulate the...
Astra Linux - vulnerability in apache2
HTTP response splitting in the core of the Apache HTTP Server allows attackers who can manipulate the Content-Type response headers of applications hosted or proxied by the server to split the HTTP response. This vulnerability was identified as CVE-2023-38709, but the patch included in...