11634 matches found

CVE
added 2023/10/17 9:2 p.m. | 58 views

CVE-2023-22019

CVE-2023-22019 affects Oracle HTTP Server (Web Listener) within Oracle Fusion Middleware, specifically version 12.2.1.4.0. The vulnerability enables an unauthenticated attacker with network access via HTTP to compromise the server and potentially access all Oracle HTTP Server data. CVSS 3.1 base ...

CVSS 7.5 | AI score 7.2 | EPSS 0.0051
Exploits: 0 | References: 1 | Affected Software: 1

Rapid7 Blog
added 2023/10/17 7:50 p.m. | 96 views

CVE-2023-20198: Active Exploitation of Cisco IOS XE Zero-Day Vulnerability

On Monday, October 16, Cisco’s Talos group published a blog on an active threat campaign exploiting CVE-2023-20198, a “previously unknown” zero-day vulnerability in the web UI component of Cisco IOS XE software. IOS XE is an operating system that runs on a wide range of Cisco networking devices,...

CVSS 9 | AI score 8 | EPSS 0.99571
Exploits: 28

The Hacker News
added 2023/10/17 4:12 a.m. | 74 views

Warning: Unpatched Cisco Zero-Day Vulnerability Actively Targeted in the Wild

Cisco has warned of a critical, unpatched security flaw impacting IOS XE software that's under active exploitation in the wild. Rooted in the web UI feature, the zero-day vulnerability is tracked as CVE-2023-20198 and has been assigned the maximum severity rating of 10.0 on the CVSS scoring syste...

CVSS 10 | AI score 7.7 | EPSS 0.99571
Exploits: 26

GithubExploit
added 2023/10/16 3:55 p.m. | 384 views

Exploit for Out-of-bounds Write in Haxx Libcurl

CVE-2023-38545: Curl Vulnerability Proof of Concept This repos...

CVSS 9.8 | AI score 8.1 | EPSS 0.78483
Exploits: 6

IBM Security Bulletins
added 2023/10/11 3:17 p.m. | 47 views

Security Bulletin: Multiple Security vulnerabilities in IBM Java in FileNet Content Manager

Summary Multiple Security vulnerabilities in IBM Java in FileNet Content Manager, affected, not vulnerable Vulnerability Details CVEID:CVE-2022-21628 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by a flaw in the Lightweight HTTP Server. By sending a specially-crafted request,...

CVSS 5.3 | AI score 5.9 | EPSS 0.02376
Exploits: 0 | Affected Software: 1

Vulnrichment
added 2023/10/11 3:14 p.m. | 13 views

CVE-2023-35055

A buffer overflow vulnerability exists in the httpd nextpage functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability. This buffer overflow is in the nextpage parameter in the...

CVSS 8.8 | AI score 9.7 | EPSS 0.01018
Exploits: 0 | References: 1

GithubExploit
added 2023/09/28 11:53 a.m. | 703 views

Exploit for Race Condition in Microsoft

CVE-2023-36884: MS Office HTML RCE with crafted documents On...

CVSS 7.5 | AI score 8.3 | EPSS 0.99083
Exploits: 3

Ubuntu
added 2023/09/27 11:51 a.m. | 64 views

USN-6399-1: Puma vulnerability

It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTTP request Smuggling attack...

CVSS 9.8 | AI score 6.5 | EPSS 0.00738
Exploits: 0

Tenable Nessus
added 2023/09/27 12:0 a.m. | 81 views

Amazon Linux 2 : ruby (ALASRUBY2.6-2023-006)

The version of ruby installed on the remote host is prior to 2.6.7-126. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2RUBY2.6-2023-006 advisory. An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP...

CVSS 7.5 | AI score 7.3 | EPSS 0.05061
Exploits: 0 | References: 6

Tenable Nessus
added 2023/09/19 12:0 a.m. | 50 views

Rocky Linux 8 : httpd:2.4 (RLSA-2023:5050)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:5050 advisory. - HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special...

CVSS 7.5 | AI score 8 | EPSS 0.02134
Exploits: 0 | References: 3

Tenable Nessus
added 2023/09/12 12:0 a.m. | 45 views

AlmaLinux 8 : httpd:2.4 (ALSA-2023:5050)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:5050 advisory. httpd: mod_proxy_uwsgi HTTP response splitting CVE-2023-27522 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. No...

CVSS 7.5 | AI score 8.1 | EPSS 0.02134
Exploits: 0 | References: 2

Tenable Nessus
added 2023/09/12 12:0 a.m. | 48 views

Oracle Linux 8 : httpd:2.4 (ELSA-2023-5050)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5050 advisory. - Resolves: 2176723 - CVE-2023-27522 httpd:2.4/httpd: mod_proxy_uwsgi HTTP response splitting - Resolves: 2190133 - mod_rewrite regression with CVE-2023-25690 -...

CVSS 9.8 | AI score 7 | EPSS 0.8377
Exploits: 5 | References: 2

RedHat Linux
added 2023/09/11 1:24 p.m. | 7 views

httpd: mod_proxy_uwsgi HTTP response splitting

An HTTP Response Smuggling vulnerability was found in the Apache HTTP Server via mod_proxy_uwsgi. This security issue occurs when special characters in the origin response header can truncate or split the response forwarded to the client...

CVSS 7.5 | AI score 7.1 | EPSS 0.02134
Exploits: 0 | References: 5

Tenable Nessus
added 2023/09/11 12:0 a.m. | 47 views

CentOS 8 : httpd:2.4 (CESA-2023:5050)

The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2023:5050 advisory. - HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special...

CVSS 7.5 | AI score 8 | EPSS 0.02134
Exploits: 0 | References: 2

NVD
added 2023/09/08 3:15 a.m. | 31 views

CVE-2014-5329

GIGAPOD file servers Appliance model and Software model provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation. 8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests CVE-2011-3192, which may lead to ...

CVSS 7.5 | AI score 7.8 | EPSS 0.01652
Exploits: 0 | References: 1

Prion
added 2023/09/08 3:15 a.m. | 37 views

Race condition

GIGAPOD file servers Appliance model and Software model provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation. 8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests CVE-2011-3192, which may lead to ...

CVSS 5 | AI score 6.7 | EPSS 0.98945
Exploits: 17 | References: 1 | Affected Software: 3

Cvelist
added 2023/09/08 2:52 a.m. | 47 views

CVE-2014-5329

GIGAPOD file servers Appliance model and Software model provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation. 8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests CVE-2011-3192, which may lead to ...

AI score 7.7 | EPSS 0.01652
Exploits: 0 | References: 1

CVE
added 2023/09/08 2:52 a.m. | 114 views

CVE-2014-5329

CVE-2014-5329 leverages a flaw in Apache HTTP Server (CVE-2011-3192) on the 8001/tcp admin interface. The root cause is improper handling of Range headers, enabling a DoS condition. Public sightings reference an Apache Range DoS (e.g., Metasploit module) and multiple advisories (CentOS/CESA, Amaz...

CVSS 7.5 | AI score 7.9 | EPSS 0.01652
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2023/09/07 12:0 a.m. | 28 views

Oracle Linux 7 : httpd24-httpd (ELSA-2015-1666)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1666 advisory. - core: fix chunk header parsing defect CVE-2015-3183 - core: replace of ap_some_auth_required with ap_some_authn_required and ap_force_authn hook CVE-2015-318...

CVSS 5 | AI score 6.5 | EPSS 0.73327
Exploits: 0 | References: 5

Tenable Nessus
added 2023/09/07 12:0 a.m. | 45 views

Oracle Linux 8 : httpd:2.4 (ELSA-2019-3436)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-3436 advisory. - In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid...

CVSS 7.5 | AI score 7.1 | EPSS 0.1786
Exploits: 0 | References: 3