11647 matches found
Ubuntu 16.04 ESM : Apache HTTP Server vulnerabilities (USN-5834-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5834-1 advisory. It was discovered that the Apache HTTP Server moddav module did not properly handle specially crafted request headers. A remote attacker could possibly u...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-1260)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
The vulnerability of the httpd parse_ping_result API of the microprogramming software for InHand Networks’ InRouter302 routers arises from copying buffers without checking the size of the input data. This allows attackers to execute arbitrary code.
The vulnerability of the httpd parsepingresult API of the microprogramming software for InHand Networks InRouter302 lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created...
CLSA-2023-1675111607 httpd: Fix of CVE-2022-36760
CVE-2022-36760: modproxyajp: fix possible HTTP request smuggling...
CLSA-2023-1675111450 httpd: Fix of CVE-2022-36760
CVE-2022-36760: modproxyajp: fix possible HTTP request smuggling...
EulerOS Virtualization 3.0.2.2 : httpd (EulerOS-SA-2023-1260)
According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in modauthdigest. There is...
PT-2023-2262 · Apache +10 · Apache Http Server +10
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.30 through 2.4.55 uWSGI PyPI package versions prior to 2.0.22 Description: The issue is related to HTTP Response Smuggling vulnerability in Apache HTTP Server via mod proxy uwsgi. Special characters in the orig...
Fedora: Security Advisory for httpd (FEDORA-2023-f6ff3f85eb)
The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 37 Update: httpd-2.4.55-1.fc37
The Apache HTTP Server is a powerful, efficient, and extensible web server...
SUSE SLES12: apache2 / apache2-doc / apache2-example-pages / apache2-prefork / etc (SUSE-SU-2023:0183-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0183-1 advisory. - CVE-2022-37436: Fixed an issue in modproxy where a malicious backend could cause the response headers to be truncated early,...
Fedora 37 : httpd (2023-f6ff3f85eb)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-f6ff3f85eb advisory. - new version 2.4.55 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not test...
Rocky Linux 9 : httpd (RLSA-2022:8067)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:8067 advisory. - Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded- headers to the origin server based on client side Connection header hop-by-hop...
GHSA-GMHF-37FX-C4Q8 Missing permission checks in Jenkins Orka Plugin allow capturing credentials
Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2023-24432
A cross-site request forgery CSRF vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
K21192332: Apache HTTP Server vulnerability CVE-2022-31813
Security Advisory Description Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded- headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application. CVE-2022-31813 Impact An...
CVE-2023-24433
Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2023-24433
Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2023-24432
A cross-site request forgery CSRF vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
PT-2023-19593 · Macstadium +1 · Jenkins Orka By Macstadium Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Orka by MacStadium Plugin versions 1.31 and earlier Description: The issue is related to missing permission checks, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specifi...