Lucene search
K

622 matches found

OSV
OSV
added 2024/09/09 10:55 a.m.29 views

SUSE-SU-2024:3172-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2024-38474: Fixed substitution encoding issue in modrewrite bsc1227278 - CVE-2024-38473: Fixed encoding problem in modproxy bsc1227276 - CVE-2024-39884: Fixed source code disclosure with handlers configured via AddType bsc1227353...

9.8CVSS7.8AI score0.25878EPSS
Exploits1References7
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/05 7:12 p.m.84 views

Security Bulletin: Multiple vulnerabilities within WebSphere Application and IBM HTTP Server and Java, affect IBM Tivoli Monitoring.

Summary Multiple vulnerabilities within WebSphere Application and IBM HTTP Server and Java which is included as part of IBM Tivoli Monitoring ITM portal server. have been remediated. Vulnerability Details CVEID:CVE-2024-38472 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request...

9.8CVSS9.8AI score0.99957EPSS
Exploits8Affected Software1
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.192 views

LiteSpeed Source Code Disclosure/Download

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LiteSpeed Source Code Disclosure/Download', 'Description' = %q This module exploits a source code disclosure/download vulnerability in versions...

5CVSS7AI score0.60196EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2024/08/31 12:0 a.m.32 views

SUSE SLES12: apache2 / apache2-devel / apache2-doc / apache2-example-pages / etc (SUSE-SU-2024:3061-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3061-1 advisory. - CVE-2024-39884: Fixed source code disclosure with handlers configured via AddType bsc1227353 Tenable has extracted the preceding descripti...

6.2CVSS6.8AI score0.00889EPSS
Exploits0References4
OSV
OSV
added 2024/08/29 7:14 a.m.19 views

SUSE-SU-2024:3061-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2024-39884: Fixed source code disclosure with handlers configured via AddType bsc1227353...

6.2CVSS6.7AI score0.00889EPSS
Exploits0References3
OSV
OSV
added 2024/08/27 7:55 p.m.4 views

CLSA-2024-1724788546 Fix of 5 CVEs

SECURITY UPDATE: http server use exploitable/malicious backend application - debian/patches/CVE-2024-38476.patch: prevent server usage of exploitable/malicious backend application output to run local handlers via internal redirect - CVE-2024-38476 SECURITY UPDATE: modules regression introduced by...

9.8CVSS7.1AI score0.99957EPSS
Exploits4References1
OSV
OSV
added 2024/08/26 9:14 p.m.6 views

CLSA-2024-1724706840 httpd: Fix of 8 CVEs

CVE-2024-38474: modrewrite: server weakness with encoded question marks in backreferences - CVE-2024-38475: modrewrite: server weakness in modrewrite when first segment of substitution matches filesystem path - CVE-2024-38477: modproxy: crash resulting in Denial of Service in modproxy via a...

9.8CVSS7.1AI score0.99957EPSS
Exploits5References1
OSV
OSV
added 2024/08/22 6:31 p.m.7 views

CLSA-2024-1724351427 httpd: Fix of 9 CVEs

CVE-2024-38474: modrewrite: server weakness with encoded question marks in backreferences - CVE-2024-38475: modrewrite: server weakness in modrewrite when first segment of substitution matches filesystem path - CVE-2024-38477: modproxy: crash resulting in Denial of Service in modproxy via a...

9.8CVSS7.1AI score0.99957EPSS
Exploits5References1
Amazon
Amazon
added 2024/08/15 12:0 a.m.72 views

Important: httpd

Issue Overview: A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosu...

6.2CVSS7.1AI score0.04134EPSS
Exploits3
RedHat Linux
RedHat Linux
added 2024/08/13 1:6 p.m.4 views

httpd: Improper escaping of output in mod_rewrite

A flaw was found in the modrewrite module of httpd. Improper escaping of output allows an attacker to map URLs to filesystem locations permitted to be served by the server but are not intentionally or directly reachable by any URL. This issue results in code execution or source code disclosure...

9.1CVSS7.4AI score0.99957EPSS
Exploits1References6
OSV
OSV
added 2024/08/07 7:33 p.m.6 views

CLSA-2024-1723059198 httpd: Fix of 3 CVEs

CVE-2024-39884: modules: source code disclosure with handlers configured via AddType. Resolving regression introduced by CVE-2024-38476 fix. - CVE-2024-40725: modules: source code disclosure with handlers configured via AddType. Resolving regression introduced by CVE-2024-39884 fix...

9.8CVSS7AI score0.41611EPSS
Exploits3References1
F5 Networks
F5 Networks
added 2024/08/05 8:45 a.m.42 views

K000140579: Apache vulnerability CVE-2024-39884

Security Advisory Description A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of...

6.2CVSS6.4AI score0.00889EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/29 2:36 p.m.105 views

Security Bulletin: IBM HTTP Server is vulnerable to multiple vulnerabilities due to the included Apache HTTP Server (CVE-2024-40898, CVE-2024-40725)

Summary There are multiple vulnerabilities in the IBM HTTP Server, which is used by IBM WebSphere Application Server, due to the included Apache HTTP Server. Vulnerability Details CVEID:CVE-2024-40898 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by an error...

9.1CVSS7.1AI score0.04134EPSS
Exploits5Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/07/27 12:0 a.m.42 views

CBL Mariner 2.0 Security Update: httpd (CVE-2024-40725)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-40725 advisory. - A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy...

6.2CVSS7AI score0.04134EPSS
Exploits3References2
Microsoft CVE
Microsoft CVE
added 2024/07/26 7:0 a.m.8 views

Apache HTTP Server: source code disclosure with handlers configured via AddType

...

5.3CVSS6.9AI score0.04134EPSS
Exploits3
RedHat Linux
RedHat Linux
added 2024/07/24 12:40 p.m.2 views

httpd: Improper escaping of output in mod_rewrite

A flaw was found in the modrewrite module of httpd. Improper escaping of output allows an attacker to map URLs to filesystem locations permitted to be served by the server but are not intentionally or directly reachable by any URL. This issue results in code execution or source code disclosure...

9.1CVSS7.4AI score0.99957EPSS
Exploits1References6
Mageia
Mageia
added 2024/07/20 9:22 p.m.62 views

Updated apache packages fix security vulnerabilities

CVE-2024-40898: Apache HTTP Server: SSRF with modrewrite in server/vhost context on Windows cve.mitre.org SSRF in Apache HTTP Server on Windows with modrewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. CVE-2024-40725:...

9.1CVSS7.1AI score0.04134EPSS
Exploits5References2
OSV
OSV
added 2024/07/20 9:22 p.m.42 views

MGASA-2024-0272 Updated apache packages fix security vulnerabilities

CVE-2024-40898: Apache HTTP Server: SSRF with modrewrite in server/vhost context on Windows cve.mitre.org SSRF in Apache HTTP Server on Windows with modrewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. CVE-2024-40725:...

9.1CVSS6.8AI score0.04134EPSS
Exploits5References3
Tenable Nessus
Tenable Nessus
added 2024/07/20 12:0 a.m.30 views

CBL Mariner 2.0 Security Update: httpd (CVE-2024-39884)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-39884 advisory. - A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based...

6.2CVSS7.1AI score0.00889EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2024/07/19 7:0 a.m.4 views

Apache HTTP Server: source code disclosure with handlers configured via AddType

...

6.2CVSS6.7AI score0.00889EPSS
Exploits0
Rows per page
Query Builder