
11647 matches found

Tenable Nessus
added 2023/01/31 12:0 a.m. · 52 views

Ubuntu 16.04 ESM : Apache HTTP Server vulnerabilities (USN-5834-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5834-1 advisory. It was discovered that the Apache HTTP Server mod_dav module did not properly handle specially crafted request headers. A remote attacker could possibly u...

9 CVSS · 7.1 AI score · 0.03546 EPSS
Exploits 0 · References 3
OpenVAS
added 2023/01/31 12:0 a.m. · 37 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-1260)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS · 8.7 AI score · 0.99999 EPSS
Exploits 10 · References 4
BDU FSTEC
added 2023/01/31 12:0 a.m. · 5 views

The vulnerability of the httpd parse_ping_result API of the microprogramming software for InHand Networks’ InRouter302 routers arises from copying buffers without checking the size of the input data. This allows attackers to execute arbitrary code.

The vulnerability of the httpd parse_ping_result API of the microprogramming software for InHand Networks InRouter302 lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created...

8.2 CVSS · 7.4 AI score · 0.01255 EPSS
Exploits 1 · References 4 · Affected Software 1
OSV
added 2023/01/30 8:46 p.m. · 4 views

CLSA-2023-1675111607 httpd: Fix of CVE-2022-36760

CVE-2022-36760: mod_proxy_ajp: fix possible HTTP request smuggling...

9 CVSS · 6.8 AI score · 0.01879 EPSS
Exploits 0 · References 1
OSV
added 2023/01/30 8:44 p.m. · 4 views

CLSA-2023-1675111450 httpd: Fix of CVE-2022-36760

CVE-2022-36760: mod_proxy_ajp: fix possible HTTP request smuggling...

9 CVSS · 6.8 AI score · 0.01879 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2023/01/30 12:0 a.m. · 44 views

EulerOS Virtualization 3.0.2.2 : httpd (EulerOS-SA-2023-1260)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is...

9.8 CVSS · 8 AI score · 0.99999 EPSS
Exploits 10 · References 15
Positive Technologies
added 2023/01/29 12:0 a.m. · 9 views

PT-2023-2262 · Apache +10 · Apache Http Server +10

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.30 through 2.4.55 uWSGI PyPI package versions prior to 2.0.22 Description: The issue is related to HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. Special characters in the orig...

9.8 CVSS · 7.1 AI score · 0.8377 EPSS
Exploits 5 · References 103
OpenVAS
added 2023/01/29 12:0 a.m. · 43 views

Fedora: Security Advisory for httpd (FEDORA-2023-f6ff3f85eb)

The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9 CVSS · 7.7 AI score · 0.01879 EPSS
Exploits 0 · References 2
Fedora
added 2023/01/28 1:27 a.m. · 63 views

[SECURITY] Fedora 37 Update: httpd-2.4.55-1.fc37

The Apache HTTP Server is a powerful, efficient, and extensible web server...

9 CVSS · 7.5 AI score · 0.57941 EPSS
Exploits 0
Tenable Nessus
added 2023/01/28 12:0 a.m. · 44 views

SUSE SLES12: apache2 / apache2-doc / apache2-example-pages / apache2-prefork / etc (SUSE-SU-2023:0183-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0183-1 advisory. - CVE-2022-37436: Fixed an issue in mod_proxy where a malicious backend could cause the response headers to be truncated early,...

9 CVSS · 6.7 AI score · 0.57941 EPSS
Exploits 0 · References 10
Tenable Nessus
added 2023/01/28 12:0 a.m. · 40 views

Fedora 37 : httpd (2023-f6ff3f85eb)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-f6ff3f85eb advisory. - new version 2.4.55 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not test...

9 CVSS · 7.1 AI score · 0.57941 EPSS
Exploits 0 · References 4
Tenable Nessus
added 2023/01/27 12:0 a.m. · 54 views

Rocky Linux 9 : httpd (RLSA-2022:8067)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:8067 advisory. - Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop...

9.8 CVSS · 8 AI score · 0.90407 EPSS
Exploits 2 · References 25
OSV
added 2023/01/26 9:30 p.m. · 18 views

GHSA-GMHF-37FX-C4Q8 Missing permission checks in Jenkins Orka Plugin allow capturing credentials

Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5 CVSS · 6.5 AI score · 0.00769 EPSS
Exploits 0 · References 2
NVD
added 2023/01/26 9:18 p.m. · 21 views

CVE-2023-24432

A cross-site request forgery (CSRF) vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8 CVSS · 8.7 AI score · 0.00515 EPSS
Exploits 0 · References 1
Prion
added 2023/01/26 9:18 p.m. · 13 views

Cross site request forgery (csrf)

A cross-site request forgery (CSRF) vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.8 CVSS · 8.7 AI score · 0.00515 EPSS
Exploits 0 · References 1 · Affected Software 1
F5 Networks
added 2023/01/24 11:29 p.m. · 411 views

K21192332: Apache HTTP Server vulnerability CVE-2022-31813

Security Advisory Description Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application. CVE-2022-31813 Impact An...

9.8 CVSS · 9.1 AI score · 0.0314 EPSS
Exploits 1 · Affected Software 1
Vulnrichment
added 2023/01/24 12:0 a.m. · 6 views

CVE-2023-24433

Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.8 AI score · 0.00769 EPSS
Exploits 0 · References 1
Cvelist
added 2023/01/24 12:0 a.m. · 31 views

CVE-2023-24433

Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5 AI score · 0.00769 EPSS
Exploits 0 · References 1
Cvelist
added 2023/01/24 12:0 a.m. · 30 views

CVE-2023-24432

A cross-site request forgery (CSRF) vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.9 AI score · 0.00515 EPSS
Exploits 0 · References 1
Positive Technologies
added 2023/01/24 12:0 a.m. · 4 views

PT-2023-19593 · Macstadium +1 · Jenkins Orka By Macstadium Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Orka by MacStadium Plugin versions 1.31 and earlier Description: The issue is related to missing permission checks, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specifi...

6.5 CVSS · 6.2 AI score · 0.00769 EPSS
Exploits 0 · References 5