CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

An update for httpd is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

9.8CVSS7AI score0.41611EPSS

Exploits0References2

RedHat Linux•added 2024/09/25 11:22 a.m.•4 views

httpd: Security issues via backend applications whose response headers are malicious or exploitable

A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery SSRF or local script execution...

9.8CVSS7.1AI score0.41611EPSS

Exploits0References5

RedHat Linux•added 2024/09/24 11:48 a.m.•5 views

httpd: HTTP response splitting

A flaw was found in httpd. The response headers are not sanitized before an HTTP response is sent when a malicious backend can insert a Content-Type, Content-Encoding, or some other headers, resulting in an HTTP response splitting...

7.3CVSS7.1AI score0.03914EPSS

Exploits0References5

Tenable Nessus•added 2024/09/24 12:0 a.m.•36 views

EulerOS 2.0 SP8 : httpd (EulerOS-SA-2024-2473)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.CVE-2023-38709 HTT...

7.5CVSS7.3AI score0.91327EPSS

Exploits2References4

OpenVAS•added 2024/09/23 12:0 a.m.•28 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-2473)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.9AI score0.91327EPSS

Exploits2References2

NVD•added 2024/09/16 9:15 p.m.•9 views

CVE-2024-45414

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in webPrivateDecrypt function. This function is responsible for decrypting RSA encrypted ciphertext, the encrypted data is supplied base64 encoded. The decoded ciphertext is stored on the stack without checki...

9.8CVSS0.00483EPSS

Exploits0References1

NVD•added 2024/09/16 9:15 p.m.•8 views

CVE-2024-45415

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in checkdataintegrity function. This function is responsible for validating the checksum of data in post request. The checksum is sent encrypted in the request, the function decrypts it and stores the checksu...

9.8CVSS0.00483EPSS

Exploits0References1

NVD•added 2024/09/16 9:15 p.m.•18 views

CVE-2024-45413

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in rsadecrypt function. This function is an API wrapper for LUA to decrypt RSA encrypted ciphertext, the decrypted data is stored on the stack without checking its length. An authenticated attacker can get RC...

8.1CVSS0.0038EPSS

Exploits0References1

OSV•added 2024/09/16 6:42 a.m.•16 views

RHSA-2021:4537 Red Hat Security Advisory: httpd:2.4 security update

Bulletin has no description...

9CVSS9.4AI score0.01569EPSS

Exploits0References8

OSV•added 2024/09/16 2:21 a.m.•32 views

RHSA-2019:0980 Red Hat Security Advisory: httpd:2.4 security update

Bulletin has no description...

8.8CVSS6.9AI score0.65005EPSS

Exploits8References15