4432 matches found
Null pointer dereference
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project...
CVE-2021-41524
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project...
CVE-2021-41524 null pointer dereference in h2 fuzzing
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project...
CVE-2021-41524
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project...
CVE-2021-41524
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project...
CVE-2021-41524
CVE-2021-41524 affects Apache HTTP Server (httpd) 2.4.49, where a null pointer dereference during HTTP/2 request processing can allow external sources to cause a DoS. The flaw was introduced with 2.4.49; no public exploit is shown in the documents. Check Point’s November 2021 advisory maps this C...
Apache 2.4.49 < 2.4.50 Multiple Vulnerabilities
The version of Apache httpd installed on the remote host is 2.4.49. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.50 advisory. - While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external...
Jetty < 9.4.21 Multiple Vulnerabilities
According to its self-reported version number, the instance of Jetty hosted on the remote web server is prior to 9.4.21. It is, therefore, affected by multiple vulnerabilities: - Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service...
Apache Httpd < 2.4.50 : null pointer dereference in h2 fuzzing
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project...
USN-5090-4: Apache HTTP Server regression
USN-5090-1 fixed vulnerabilities in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem. Original advisory details: James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote...
USN-5090-3: Apache HTTP Server regression
USN-5090-1 fixed vulnerabilities in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem. Original advisory details: James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote...
Ubuntu 18.04 LTS / 20.04 LTS : Apache HTTP Server vulnerabilities (USN-5090-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5090-1 advisory. James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possib...
Updated apache packages fix security vulnerability
A crafted method sent through HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache poisoning. CVE-2021-33193 Malformed requests may cause the server to dereference a NULL pointer. CVE-2021-34798 A carefully crafted request uri-path can cause...
Security Bulletin: Vulnerabilities in Apache Tomcat affect Power Hardware Management Console (CVE-2016-6816, CVE-2016-6817, and CVE-2016-0762)
Summary Apache Tomcat is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6816 DESCRIPTION: Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote...
Apache >= 2.4.17 < 2.4.49 mod_http2
The version of Apache httpd installed on the remote host is greater than 2.4.17 and prior to 2.4.49. It is, therefore, affected by a vulnerability as referenced in the 2.4.49 changelog. A crafted method sent through HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to...
Apache 2.4.x < 2.4.49 Multiple Vulnerabilities
According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.49. It is, therefore, affected by multiple vulnerabilities: - A crafted method sent through HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache...
Apache httpd -- multiple vulnerabilities
The Apache project reports: moderate: Request splitting via HTTP/2 method injection and modproxy CVE-2021-33193 moderate: NULL pointer dereference in httpd core CVE-2021-34798 moderate: modproxyuwsgi out of bound read CVE-2021-36160 low: apescapequotes buffer overflow CVE-2021-39275 high: modprox...
GHSA-5WJF-62HW-Q78R Excessive CPU usage
Envoy, which Pomerium is based on, incorrectly handles resetting of HTTP/2 streams with excessive complexity. This can lead to high CPU utilization when a large number of streams are reset. Impact This can result in a DoS condition. Patches Pomerium versions 0.14.8 and 0.15.1 contain an upgraded...
Excessive CPU usage
Envoy, which Pomerium is based on, incorrectly handles resetting of HTTP/2 streams with excessive complexity. This can lead to high CPU utilization when a large number of streams are reset. Impact This can result in a DoS condition. Patches Pomerium versions 0.14.8 and 0.15.1 contain an upgraded...
CVE-2021-39204
Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, incorrectly handles resetting of HTTP/2 streams with excessive complexity. This can lead to high CPU utilization when a large number of streams are reset. This can result in a DoS condition. Pomerium versio...