The vulnerability of the httpd module in the microprogramming software of the Tenda AC18 router allows a hacker to cause a service failure.

The vulnerability of the httpd microprogramming system in the Tenda AC18 router is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a service failure by making a request to the /goform/WifiExtraSet endpoint...

The vulnerability of the httpd module of the microprogramming system used in Tenda AC18 routers allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the httpd microprogramming system in the Tenda AC18 router lies in the writing beyond buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

CVE-2022-31081

HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based applications are served ...

Design/Logic Flaw

HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based applications are served ...

CVE-2022-31081

HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based applications are served ...

UBUNTU-CVE-2022-31081

HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based applications are served ...

CVE-2022-31081

CVE-2022-31081 affects the Perl HTTP::Daemon library. Versions prior to 6.15 are vulnerable due to improper handling of the Content-Length header, which could enable HTTP request smuggling and potentially allow privileged access to APIs or poisoning of intermediate caches. The issue is documented...

HTTP::Daemon 环境问题漏洞

HTTP::Daemon is a simple HTTP class. An environmental issue vulnerability exists in HTTP::Daemon versions prior to 6.15. An attacker could exploit this vulnerability to gain privileged access to the API or poison the intermediate cache...

CVE-2022-31081 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in HTTP::Daemon

HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based applications are served ...

CVE-2022-31081 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in HTTP::Daemon

HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based applications are served ...

CVE-2022-31081 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in HTTP::Daemon

HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based applications are served ...

CVE-2022-31081

HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based applications are served ...

PT-2022-4815 · Nginx +8 · Nginx +8

Name of the Vulnerable Software and Affected Versions: HTTP::Daemon versions prior to 6.15 Description: The issue is related to inconsistent interpretation of HTTP requests when handling Content-Length values, potentially allowing a remote attacker to gain privileged access to APIs or poison...

CLSA-2022-1654175590 Fixed CVE-2022-24070 in subversion-4.module_el8.5.0+2053+ac338b6d.tuxcare.els1

CVE-2022-24070: fix use-after-free of object-pools when used as httpd module...

CVE-2022-30476

Tenda AC Series Router AC18V15.03.05.196318 was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetFirewallCfg request...

CVE-2022-30033

Tenda TX9 Pro V22.03.02.10 is vulnerable to Buffer Overflow via the functtion setIPv6Status in httpd module...

PT-2022-18082 · Unknown +1 · Libnvram.So +2

Name of the Vulnerable Software and Affected Versions: InRouter302 version 3.5.4 Description: The issue is related to improper input validation vulnerabilities in the libnvram.so nvram import functionality and the httpd's user define print function. A specially-crafted file can lead to remote cod...

CVE-2022-28560

There is a stack overflow vulnerability in the goform/fastsettingwifiset function in the httpd service of Tenda ac9 15.03.2.21cn router. An attacker can obtain a stable shell through a carefully constructed payload...

httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling

A flaw was found in httpd. The inbound connection is not closed when it fails to discard the request body, which may expose the server to HTTP request smuggling...

NETGEAR R6700v3 Information Disclosure Vulnerability

NETGEAR R6700v3 is the Nighthawk AC1750 Smart Dual Band Gigabit Router from Netgear USA. The NETGEAR R6700v3 suffers from an information disclosure vulnerability that stems from a specific flaw in the httpd service, where string matching logic is incorrect when accessing a protected page. An...