4 matches found
Astra Linux – Vulnerability in Apache2
The Apache HTTP Server versions 2.4.6 to 2.4.46, with the modproxywstunnel module configured, were used to handle a URL. The origin server did not necessarily upgrade this connection. This setup allowed subsequent requests on the same connection to be processed without any HTTP validation,...
EUVD-2019-7905
Malware in sbrugna...
CVE-2019-17567
Apache HTTP Server versions 2.4.6 to 2.4.46 modproxywstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authenticati...
Cacheflow CacheOS 4.1.10016 - HTTP HOST Proxy
source: https://www.securityfocus.com/bid/8584/info Malicious HTTP HOST header field can be used on CacheOS to tunnel arbitrary TCP connections through a HTTP request. It has been reported that CacheFlow CacheOS may allow the misuse of the HOST header value. This may provide for the use of an...