61078 matches found
KLA91019 Multiple vulnerabilities in Apache HTTP Server
Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, bypass security restrictions, execute arbitrary code, inject malicious code, gain privileges. Below is a complete list of...
Astra Linux – Vulnerability in Batik
A Server-Side Request Forgery SSRF vulnerability exists in the Batik of Apache XML Graphics, allowing attackers to retrieve external resources. This issue affects Apache XML Graphics Batik version 1.14...
Astra Linux – Vulnerability in Tomcat9
DoS attack due to a vulnerability related to incomplete cleanup in Apache Tomcat. WebSocket clients were able to keep WebSocket connections open, leading to increased resource consumption. This issue affects Apache Tomcat versions from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18,...
Astra Linux – Vulnerability in Apache2
The aprwrite function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large inputs using aprwrite or aprputs. This issue can occur, for example, when using the modluas r:puts function. Modules that are compiled and distribute...
Astra Linux – Vulnerability in Batik
A Server-Side Request Forgery SSRF vulnerability exists in Batik of Apache XML Graphics, allowing an attacker to load a URL through the jar protocol. This issue affects Apache XML Graphics Batik 1.14...
Astra Linux – Vulnerability in Apache2
In some modssl configurations on the Apache HTTP Server 2.4.35 to 2.4.63, it is possible for trusted clients to bypass access controls using TLS 1.3 session resumption. These configurations are affected when modssl is configured for multiple virtual hosts, with each virtual host restricted to a...
Astra Linux – Vulnerability in Apache2
Insufficient escaping of user-supplied data in modssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%varnamex" or "%varnamec" to log variables...
Astra Linux – Vulnerability in Apache2
HTTP/2 incoming headers that exceed the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client continues to send headers, this can lead to memory exhaustion...
Astra Linux – Vulnerability in Apache2
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58...
Astra Linux – Vulnerability in Apache2
Apache HTTP Server 2.4.65 and earlier, with Server Side Includes SSI enabled and modcgid but not modcgi, pass the shell-escaped query string to the exec cmd="..." directives. This issue affects Apache HTTP Server versions prior to 2.4.66. Users are recommended to upgrade to version 2.4.66, which...
Astra Linux – Vulnerability in Apache2
An integer overflow occurs when attempting to renew an ACME certificate. After several attempts approximately 30 days under default configurations, the backoff timer becomes 0. Subsequent attempts to renew the certificate are repeated without delay until success is achieved. This issue affects th...
Astra Linux – Vulnerability in Apache2
Improper neutralization of vulnerabilities related to escape, meta, or control sequences in the Apache HTTP Server, caused by unexpected overrides of variables calculated by the server for CGI programs, through environment variables set via Apache configuration. This issue affects the Apache HTTP...
Astra Linux – Vulnerability in Thrift
In Apache Thrift versions 0.9.3 to 0.13.0, malicious RPC clients could send short messages, resulting in a large memory allocation and potentially causing a denial of service...
Astra Linux – Vulnerability in Apache2
When an HTTP/2 stream is reset by a client via an RST frame, there is a time window during which the memory resources associated with the request are not immediately reclaimed. Instead, the deallocation of these resources is delayed until after the connection is closed. This allows clients to...
Astra Linux – Vulnerability in Apache2
In some modssl configurations of the Apache HTTP Server, from versions up to 2.4.63, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session through a TLS upgrade. Only configurations that use “SSLEngine optional” to enable TLS upgrades are affected. Users a...
Astra Linux – Vulnerability in Apache2
A potential vulnerability in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly set up URLs to be handled by modproxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
Astra Linux – Vulnerability in Apache2
In Apache HTTP Server 2.4.59 and earlier, a null pointer dereference vulnerability in modproxy allows an attacker to crash the server through a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
Astra Linux – Vulnerability in Apache2
There is a vulnerability in the core of the Apache HTTP Server version 2.4.59 and earlier. This vulnerability allows for information disclosure, SSRF attacks, or local script execution through backend applications whose response headers are malicious or exploitable. Users are recommended to upgra...
Astra Linux – Vulnerability in Apache2
Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL. This enables the attacker to execute code or disclose...
Astra Linux – Vulnerability in Apache2
A encoding issue in the modproxy component of the Apache HTTP Server 2.4.59 and earlier versions allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication through crafted requests. Users are recommended to upgrade to version 2.4.60, which fix...