230 matches found
Azure Linux 3.0 Security Update: httpd (CVE-2024-36387)
The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-36387 advisory. - Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference,...
CVE-2012-0883 affecting package httpd for versions less than 2.4.2-1
CVE-2012-0883 affecting package httpd for versions less than 2.4.2-1. A patched version of the package is available...
EulerOS 2.0 SP9 : httpd (EulerOS-SA-2025-1039)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of...
CVE-2024-11148 OpenBSD httpd(8) null dereference
In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 020, httpd8 is vulnerable to a NULL dereference when handling a malformed fastcgi request...
RHEL 8 : httpd:2.4 (RHSA-2024:6468)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6468 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Security issues via?backe...
RHEL 8 : httpd:2.4 (RHSA-2024:6467)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6467 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Security issues via?backe...
httpd: Security issues via backend applications whose response headers are malicious or exploitable
A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery SSRF or local script execution...
httpd: Security issues via backend applications whose response headers are malicious or exploitable
A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery SSRF or local script execution...
httpd: Potential SSRF in mod_rewrite
A flaw was found in the modrewrite module of httpd. A potential SSRF allows an attacker to cause unsafe rules used in the RewriteRule directive to unexpectedly set up URLs to be handled by the modproxy module...
Slackware Linux 15.0 / current httpd Vulnerability (SSA:2024-185-02)
The version of httpd installed on the remote host is prior to 2.4.61. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-185-02 advisory. New httpd packages are available for Slackware 15.0 and -current to fix a security issue. Tenable has extracted the preceding...
AZL-43089 CVE-2024-36387 affecting package httpd for versions less than 2.4.61-1
Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance...
CVE-2023-50199
D-Link G416 httpd Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The...
D-Link G416 安全漏洞
D-Link G416 is the AX1500 4G+ Smart Router launched by AUO in June 2025 , which supports Wi-Fi 6, AI Smart Optimization and 4G LTE Cat 6 network with up to 300Mbps internet speed. The D-Link G416 suffers from an authentication vulnerability that stems from a lack of authentication in the httpd...
AZL-40001 CVE-2024-27316 affecting package httpd for versions less than 2.4.61-1
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion...
CVE-2024-0538
A vulnerability has been found in Tenda W9 1.0.0.74456 and classified as critical. This vulnerability affects the function formQosManageauto of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit h...
PT-2024-1454 · Tenda · Tenda W9
Name of the Vulnerable Software and Affected Versions: Tenda W9 version 1.0.0.74456 Description: A critical vulnerability has been found in the function formQosManage auto of the httpd component. The manipulation of the argument ssidIndex leads to a stack-based buffer overflow. This issue can be...
The vulnerability of the httpd microprogramming system in TP-Link TL-WR902AC Wi-Fi routers allows a intruder to gain unauthorized access to protected information.
The vulnerability of the httpd microprogramming system in TP-Link Wi-Fi routers like the TL-WR902AC is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
PT-2023-7097 · Tp Link · Tp-Link Tl-Wr902Ac
Name of the Vulnerable Software and Affected Versions: TP-Link TL-WR902AC affected versions not specified Description: The issue is related to inadequate access control in the httpd service of TP-Link TL-WR902AC Wi-Fi routers. This allows a remote attacker to gain unauthorized access to protected...
Stack overflow
A stack-based buffer overflow vulnerability exists in the httpd managerequest functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability...
Design/Logic Flaw
ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to a device which contains a specific user agent, causing the httpd binary to crash during a string comparison performed within web.c, resulting in a DoS condition...