CVE-2023-38035

A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration...

CVE-2023-38035

A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. Recent assessments: jheysel-r7 at...

httpd: mod_proxy_uwsgi HTTP response splitting

An HTTP Response Smuggling vulnerability was found in the Apache HTTP Server via modproxyuwsgi. This security issue occurs when special characters in the origin response header can truncate or split the response forwarded to the client...

httpd: mod_proxy_ajp: Possible request smuggling

A flaw was found in the modproxyajp module of httpd. The connection is not closed when there is an invalid Transfer-Encoding header, allowing an attacker to smuggle requests to the AJP server, where it forwards requests...

httpd: mod_proxy: HTTP response splitting

A flaw was found in the modproxy module of httpd. A malicious backend can cause the response headers to be truncated because they are not cleaned when an error is found while reading them, resulting in some headers being incorporated into the response body and not being interpreted by a client...

ASUS RT-AX88U ej.c Buffer Overflow Vulnerability

The ASUS RT-AX88U is a wireless router from Asus China. The ASUS RT-AX88U suffers from a buffer overflow vulnerability that stems from a failure to check the buffer input size, which can be exploited by a remote attacker who can send a specially crafted request to the device, resulting in a crash...

Exploit for Path Traversal in Apache Http_Server

PoC exploit for CVE-2021-41773 and CVE-2021-42013, two vulnerabi...

CVE-2023-34358

ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to a device which contains a specific user agent, causing the httpd binary to crash during a string comparison performed within web.c, resulting in a DoS condition...

CVE-2023-34359

ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to the device which causes the httpd binary to crash within the "dojsondecode" function of ej.c, resulting in a DoS condition...

CVE-2023-34359

ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to the device which causes the httpd binary to crash within the "dojsondecode" function of ej.c, resulting in a DoS condition...

Design/Logic Flaw

ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to the device which causes the httpd binary to crash within the "dojsondecode" function of ej.c, resulting in a DoS condition...

Design/Logic Flaw

ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to a device which contains a specific user agent, causing the httpd binary to crash during a string comparison performed within web.c, resulting in a DoS condition...

CVE-2023-34359 ASUS RT-AX88U - Out-of-bounds Read - 2

ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to the device which causes the httpd binary to crash within the "dojsondecode" function of ej.c, resulting in a DoS condition...

CVE-2023-34359 ASUS RT-AX88U - Out-of-bounds Read - 2

ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to the device which causes the httpd binary to crash within the "dojsondecode" function of ej.c, resulting in a DoS condition...

CVE-2023-34359

ASUS RT-AX88U exposes a DoS vulnerability in httpd caused by a buffer/ej.c do_json_decode() mismanagement. Remote attackers can trigger via specially crafted requests to crash the httpd binary, yielding unauthenticated denial of service. Public sources in the CVE describe the issue as an unauthen...

CVE-2023-34358 ASUS RT-AX88U - Out-of-bounds Read - 1

ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to a device which contains a specific user agent, causing the httpd binary to crash during a string comparison performed within web.c, resulting in a DoS condition...

CVE-2023-34358

The CVE-2023-34358 entry applies to the ASUS RT-AX88U router (httpd). Affected component: httpd, vulnerable in the web.c string comparison when processing a crafted User-Agent, leading to an unauthenticated DoS (remote attacker can crash the httpd binary). Root cause appears to be input handling ...

CVE-2023-34358 ASUS RT-AX88U - Out-of-bounds Read - 1

ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to a device which contains a specific user agent, causing the httpd binary to crash during a string comparison performed within web.c, resulting in a DoS condition...

ASUS RT-AX88U 缓冲区错误漏洞

The ASUS RT-AX88U is a wireless router from Asus China. The ASUS RT-AX88U suffers from a buffer overflow vulnerability that stems from a failure to check the buffer input size, which can be exploited by a remote attacker who can send a specially crafted request to the device, resulting in a crash...

PT-2023-4143 · Asus · Asus Rt-Ax88U

Name of the Vulnerable Software and Affected Versions: ASUS RT-AX88U affected versions not specified Description: The issue is related to an error in the do json decode function of the ej.c file in the ASUS RT-AX88U router's firmware, which can cause a buffer overflow. A remote attacker can explo...