59979 matches found
Astra Linux - vulnerability in apache2
Splitting of HTTP responses within the core of the Apache HTTP Server allows attackers who can manipulate the Content-Type response headers of applications hosted or proxied by the server to split the HTTP response. This vulnerability was identified as CVE-2023-38709, but the patch included in...
Astra Linux - vulnerability in apache2
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large inputs using ap_rwrite() or ap_rputs(). This issue can occur, for example, when using mod_lua's r:puts() function. Modules that are compiled and distribute...
Astra Linux - vulnerability in apache2
An attacker who opened an HTTP/2 connection with an initial window size of 0 was able to block the handling of that connection indefinitely in the Apache HTTP Server. This could be used to exhaust server resources, similar to the well-known “slow loris” attack pattern. This issue has been fixed i...
Astra Linux - vulnerability in apache2
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match(), especially when an extremely large input buffer is used. Although no code distributed with the server can be forced to make such a call, third-party modules or Lua scripts that us...
Astra Linux - vulnerability in modsecurity-apache
ModSecurity is an open-source, cross-platform Web Application Firewall (WAF) engine for Apache, IIS, and Nginx. Versions prior to 2.9.10 contain a denial-of-service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The sanitiseArg and sanitizeArg – it’s the same action, just an alias...
Astra Linux - vulnerability in apache2
Apache HTTP Server 2.4.53 and earlier may return incorrect lengths when applications call r:wsread, causing the buffer to point past the end of the storage allocated for it...
Astra Linux - vulnerability in batik
A vulnerability in Batik of Apache XML Graphics allows an attacker to execute untrusted Java code from an SVG. This issue affects Apache XML Graphics versions prior to 1.16. It is recommended to update to version 1.16...
Astra Linux - vulnerability in apache2
Splitting HTTP responses across multiple modules in the Apache HTTP Server allows an attacker who can inject malicious response headers into backend applications to carry out an HTTP desynchronization attack. It is recommended that users upgrade to version 2.4.59, as this issue has been fixed in...
Astra Linux - vulnerability in apache2
An HTTP response smuggling vulnerability exists in the Apache HTTP Server via mod_proxy_uwsgi. This issue affects the Apache HTTP Server version 2.4.30 through 2.4.55. Special characters in the origin response header can cause the response forwarded to the client to be truncated or split...
Astra Linux - vulnerability in batik
A Server-Side Request Forgery (SSRF) vulnerability exists in Batik of Apache XML Graphics, allowing attackers to access files using a Jar URL. This issue affects Apache XML Graphics Batik 1.14...
Astra Linux - vulnerability in apache2
Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%{varname}x" or "%{varname}c" to log variables...
Astra Linux - vulnerability in apache2
An out-of-bounds read vulnerability exists in the mod_macro module of the Apache HTTP Server. This issue affects the Apache HTTP Server version up to 2.4.57...
Astra Linux - vulnerability in puma
Puma is an HTTP 1.1 server for Ruby/Rack applications. Before versions 5.5.1 and 4.3.9, using “puma” with a proxy that forwards HTTP header values containing the LF character could lead to HTTP request smuggling. A client could secretly send a request through a proxy, causing the proxy to send a...
Astra Linux - vulnerability in apache2
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier...
Astra Linux - vulnerability in apache2
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on the client-side Connection header hop-by-hop mechanism. This could be used to bypass IP-based authentication on the origin server/application...
Astra Linux - vulnerability in tomcat9
An occasional URL redirection to untrusted sites vulnerability exists in Apache Tomcat via the LoadBalancerDrainingValve mechanism. This issue affects Apache Tomcat: versions from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, and from 8.5.30 throu...
Astra Linux - vulnerability in apache2
Apache HTTP Server 2.4.65 and earlier, with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi), passes the shell-escaped query string to the exec cmd="..." directives. This issue affects Apache HTTP Server versions prior to 2.4.66. Users are recommended to upgrade to version 2.4.66, which...
Astra Linux - vulnerability in tomcat9
A padding oracle vulnerability exists in Apache Tomcat’s EncryptInterceptor with the default configuration. This issue affects Apache Tomcat: versions 11.0.0-M1 through 11.0.18, 10.0.0-M1 through 10.1.52, 9.0.13 through 9.0.115, 8.5.38 through 8.5.100, and 7.0.100 through 7.0.109. Users are...
Astra Linux - vulnerability in apache2
Apache HTTP Server versions 2.4.0 to 2.4.46: A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor could the Apache HTTP Server team create one. However, certain compilers and/or compilation options...
Astra Linux - vulnerability in apache2
When an HTTP/2 stream was reset by a client, there was a time window during which the memory resources associated with the request were not immediately reclaimed. Instead, the de-allocation of those resources was delayed until after the connection was closed. This allowed clients to continue...