57 matches found
CVE-2023-45648 Apache Tomcat: Trailer header parsing too lenient
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomca...
CVE-2023-45648
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomca...
CVE-2023-45648 Apache Tomcat: Trailer header parsing too lenient
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomca...
PT-2023-6329
Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.0-M11 Apache Tomcat versions 10.1.0-M1 through 10.1.13 Apache Tomcat versions 9.0.0-M1 through 9.0.81 Apache Tomcat versions 8.5.0 through 8.5.93 Description The issue is related to improper input...
Fixed in Apache Tomcat 8.5.94
Important: Request smuggling CVE-2023-45648 Tomcat did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. This was fixe...
Apache Tomcat 10.1.0.M1 < 10.1.14 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 10.1.14. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat10.1.14security-10 advisory. - Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11,...
Fixed in Apache Tomcat 11.0.0-M11
Moderate: Open redirect CVE-2023-41080 If the ROOT default web application is configured to use FORM authentication then it is possible that a specially crafted URL could be used to trigger a redirect to an URL of the attackers choice. This was fixed with commit e3703c9a. This issue was reported ...
Moderate: Red Hat Security Advisory: httpd and httpd22 security update
Updated httpd and httpd22 packages that fix two security issues are now available for Red Hat JBoss Web Server 2.1.0 for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores,...
Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 2.1.0 security update
An update for Red Hat JBoss Web Server 2.1.0 that fixes four security issues is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
CentOS 6 : httpd (CESA-2015:1249)
Updated httpd packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
httpd, mod_ssl security update
CentOS Errata and Security Advisory CESA-2015:1249 Updated httpd packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scori...
Low: Red Hat Security Advisory: httpd security, bug fix, and enhancement update
Updated httpd packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
Mandriva Linux Security Advisory : apache (MDVSA-2015:093)
Updated apache packages fix security vulnerabilities : Apache HTTPD before 2.4.9 was vulnerable to a denial of service in moddav when handling DAVWRITE requests CVE-2013-6438. Apache HTTPD before 2.4.9 was vulnerable to a denial of service when logging cookies CVE-2014-0098. A race condition flaw...
RedHat Update for httpd RHSA-2015:0325-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux AMI : httpd24 (ALAS-2015-483)
modlua.c in the modlua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access...
MGASA-2014-0527 Updated apache packages fix security vulnerabilities
Updated apache packages fix security vulnerabilities: A NULL pointer dereference flaw was found in the way the modcache httpd module handled Content-Type headers. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP server was configured to proxy to a server...
Low: Red Hat Security Advisory: httpd24-httpd security and bug fix update
Updated httpd24-httpd packages that fix two security issues and one bug are now available for Red Hat Software Collections 1. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, a...