PT-2024-5848
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.59 and earlier Description: The issue is related to a substitution encoding problem in the mod_rewrite module of the Apache HTTP Server, allowing an attacker to execute scripts in directories permitted by the...
KLA70199 Multiple vulnerabilities in Apache HTTP Server
Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. Security vulnerability in SSRF can be exploited to bypass...
PT-2024-4830 · Apache +2 · Apache Http Server +2
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions prior to 2.4.60 Description: The issue is related to Server-Side Request Forgery (SSRF) in the Apache HTTP Server on Windows, which can potentially leak NTLM hashes to a malicious server via SSRF and malicious reques...
Apache HTTP Server < 2.4.60 Multiple Vulnerabilities - Windows
Apache HTTP Server is prone to multiple vulnerabilities.
Apache 2.4.x < 2.4.60 Multiple Vulnerabilities
The version of Apache httpd installed on the remote host is prior to 2.4.60. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.60 advisory. - Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash o...
Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce
CVE-2024-34102 Usage bash python3 CVE-2024-34102.py...
Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to a denial of service attack using HTTP/2 protocol. [CVE-2024-27316]
Summary: IBM HTTP Server (powered by Apache) used by IBM i is vulnerable to a denial of service attack due to no limit on continuation frames in the HTTP/2 protocol, as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in t...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM DevOps Code ClearCase [CVE-2024-24795, CVE-2023-38709]
Summary: IBM HTTP Server (IHS) is shipped as a component of IBM DevOps Code ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. CVE-2024-24795, CVE-2023-38709 Vulnerability Details: Refer to the security bulletins listed in the...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-1836)
The remote host is missing an update for the Huawei EulerOS...
Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM DevOps Code ClearCase [CVE-2023-52425]
Summary: IBM HTTP Server (IHS) is shipped as a component of IBM DevOps Code ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. CVE-2023-52425 Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section...
CVE-2024-29012
Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function...
CVE-2024-29012
This CVE affects SonicOS HTTP server components in SonicWall SonicOS. The vulnerability is a stack-based buffer overflow in the HTTP server triggered through the sscanf function, allowing an authenticated remote attacker to cause Denial of Service (DoS). The SonicWall PSIRT notes there is no know...
Stack-based buffer overflow vulnerability in SonicOS HTTP server
Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function. SonicWall PSIRT is not aware of active exploitation in the wild. No reports of a PoC have been made public and malicious use of this...
PT-2024-22671 · Sonicos · Sonicos
Name of the Vulnerable Software and Affected Versions: SonicOS (affected versions not specified) Description: A stack-based buffer overflow issue in the SonicOS HTTP server allows an authenticated remote attacker to cause a Denial of Service (DoS) via the sscanf function. Recommendations: At the...
CVE-2024-6146
Actiontec WCB6200Q uhgetpostdatawithupload Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this...
CVE-2024-6145
Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The specific flaw exis...
CVE-2024-6144
Actiontec WCB6200Q Multipart Boundary Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this...