5781 matches found

Positive Technologies
added 2023/10/11 12:0 a.m. · 4 views

PT-2023-6258 · Yifan · Yifan Yf325

Name of the Vulnerable Software and Affected Versions: Yifan YF325 version 1.0 20221108 Description: A buffer overflow vulnerability exists in the httpd next page functionality, allowing an attacker to execute arbitrary commands by sending a specially crafted network request. The buffer overflow ...

CVSS 10 · AI score 9.8 · EPSS 0.01018
Exploits 0 · References 7
Talos
added 2023/10/11 12:0 a.m. · 40 views

Yifan YF325 httpd gwcfg.cgi get stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1764 Yifan YF325 httpd gwcfg.cgi get stack-based buffer overflow vulnerability October 11, 2023 CVE Number CVE-2023-34346 SUMMARY A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.020221108. A...

CVSS 9.8 · AI score 9.8 · EPSS 0.01292
Exploits 0
Talos
added 2023/10/11 12:0 a.m. · 40 views

Yifan YF325 httpd manage_request stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1766 Yifan YF325 httpd manage_request stack-based buffer overflow vulnerability October 11, 2023 CVE Number CVE-2023-34426 SUMMARY A stack-based buffer overflow vulnerability exists in the httpd manage_request functionality of Yifan YF325 v1.020221108. A...

CVSS 9.8 · AI score 9.7 · EPSS 0.00773
Exploits 0
Talos
added 2023/10/11 12:0 a.m. · 46 views

Yifan YF325 httpd manage_post stack-based buffer overflow vulnerabilities

Talos Vulnerability Report TALOS-2023-1787 Yifan YF325 httpd manage_post stack-based buffer overflow vulnerabilities October 11, 2023 CVE Number CVE-2023-35965,CVE-2023-35966 SUMMARY Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325...

CVSS 9.8 · AI score 9.8 · EPSS 0.00773
Exploits 0
Talos
added 2023/10/11 12:0 a.m. · 22 views

Yifan YF325 httpd nvram.cgi authentication bypass vulnerability

Talos Vulnerability Report TALOS-2023-1762 Yifan YF325 httpd nvram.cgi authentication bypass vulnerability October 11, 2023 CVE Number CVE-2023-24479 SUMMARY An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.020221108. A specially crafted network...

CVSS 9.8 · AI score 9.7 · EPSS 0.01711
Exploits 0
Talos
added 2023/10/11 12:0 a.m. · 28 views

Yifan YF325 httpd next_page buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1761 Yifan YF325 httpd next_page buffer overflow vulnerability October 11, 2023 CVE Number CVE-2023-35055,CVE-2023-35056 SUMMARY A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.020221108. A specially crafted network...

CVSS 9.8 · AI score 9.4 · EPSS 0.01018
Exploits 0
Talos
added 2023/10/11 12:0 a.m. · 46 views

Yifan YF325 httpd debug credentials leftover debug code vulnerability

Talos Vulnerability Report TALOS-2023-1752 Yifan YF325 httpd debug credentials leftover debug code vulnerability October 11, 2023 CVE Number CVE-2023-32645 SUMMARY A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.020221108. A specially...

CVSS 9.8 · AI score 9.8 · EPSS 0.53533
Exploits 0
Talos
added 2023/10/11 12:0 a.m. · 31 views

Yifan YF325 httpd do_wds stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1765 Yifan YF325 httpd do_wds stack-based buffer overflow vulnerability October 11, 2023 CVE Number CVE-2023-31272 SUMMARY A stack-based buffer overflow vulnerability exists in the httpd do_wds functionality of Yifan YF325 v1.020221108. A specially crafted...

CVSS 9.8 · AI score 9.4 · EPSS 0.0064
Exploits 0
OSV
added 2023/09/19 12:9 p.m. · 33 views

RLSA-2023:5050 Moderate: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_proxy_uwsgi HTTP response splitting CVE-2023-27522 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

CVSS 7.5 · AI score 8.8 · EPSS 0.02134
Exploits 0 · References 2
Rockylinux
added 2023/09/19 12:9 p.m. · 66 views

httpd:2.4 security update

An update is available for httpd, modmd, modhttp2, module.modmd, module.modhttp2, module.httpd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd package...

CVSS 7.5 · AI score 6.9 · EPSS 0.02134
Exploits 0
Vulnrichment
added 2023/09/13 9:30 a.m. · 14 views

CVE-2023-41081 Apache Tomcat Connectors: Unexpected use of first declared worker in mod_jk for unmapped request

Important: Authentication Bypass CVE-2023-41081 The mod_jk component of Apache Tomcat Connectors in some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the configuration did not provide explicit mounts for all possible proxied requests, mod_jk would use an...

AI score 7.6 · EPSS 0.01257
Exploits 0 · References 4
CNNVD
added 2023/09/13 12:0 a.m. · 3 views

Apache Tomcat Security Vulnerability

Apache Tomcat is the United States Apache Apache Foundation of a lightweight Web application server. The program implements support for Servlets and JavaServer Page JSP. A security vulnerability exists in Apache Tomcat, which stems from the fact that mod_jk uses an implicit mapping when the...

CVSS 7.5 · AI score 6.6 · EPSS 0.01257
Exploits 0 · References 8
Oracle linux
added 2023/09/12 12:0 a.m. · 74 views

httpd:2.4 security update

httpd 2.4.37-56.0.1.7 - Resolves: 2176723 - CVE-2023-27522 httpd:2.4/httpd: mod_proxy_uwsgi HTTP response splitting 2.4.37-56.0.1.6 - Set vstring per ORACLESUPPORTPRODUCT Orabug: 29892262 - Replace index.html with Oracle's index page oracleindex.html 2.4.37-56.6 - Resolves: 2190133 - mod_rewrite...

CVSS 9.8 · AI score 7.7 · EPSS 0.8377
Exploits 5
RedHat Linux
added 2023/09/11 1:27 p.m. · 108 views

Moderate: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 7.5 · AI score 7.2 · EPSS 0.02134
Exploits 0 · References 2
RedHat Linux
added 2023/09/11 1:24 p.m. · 62 views

Moderate: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS 7.5 · AI score 7.2 · EPSS 0.02134
Exploits 0 · References 2
OSV
added 2023/09/11 12:0 a.m. · 34 views

ALSA-2023:5050 Moderate: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_proxy_uwsgi HTTP response splitting CVE-2023-27522 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

CVSS 7.5 · AI score 8.8 · EPSS 0.02134
Exploits 0 · References 4
AlmaLinux
added 2023/09/11 12:0 a.m. · 46 views

Moderate: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_proxy_uwsgi HTTP response splitting CVE-2023-27522 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

CVSS 7.5 · AI score 7 · EPSS 0.02134
Exploits 0 · References 4
Tenable Nessus
added 2023/09/11 12:0 a.m. · 38 views

RHEL 8 : httpd:2.4 (RHSA-2023:5049)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5049 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_proxy_uwsgi HTTP respon...

CVSS 7.5 · AI score 8.1 · EPSS 0.02134
Exploits 0 · References 5
Tenable Nessus
added 2023/09/11 12:0 a.m. · 31 views

RHEL 8 : httpd:2.4 (RHSA-2023:5050)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5050 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_proxy_uwsgi HTTP respon...

CVSS 7.5 · AI score 8.1 · EPSS 0.02134
Exploits 0 · References 5
Gentoo Linux
added 2023/09/08 12:0 a.m. · 117 views

Apache HTTPD: Multiple Vulnerabilities

Background The Apache HTTP server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in Apache HTTPD. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

CVSS 9.8 · AI score 9.5 · EPSS 0.8377
Exploits 5