Medium: httpd24
Issue Overview: A vulnerability was found in Apache httpd, in mod_http2. Under certain circumstances, HTTP/2 early pushes could lead to memory corruption, causing a server to crash. (CVE-2019-10081) A read-after-free vulnerability was discovered in Apache httpd, in mod_http2. A specially crafted http/...
Critical Photon OS Security Update - PHSA-2019-3.0-0035
Updates of 'subversion', 'python2', 'httpd', 'openjdk8', 'unbound', 'sudo' packages of Photon OS have been released...
nostromo nhttpd path traversal vulnerability
nostromo nhttpd is an open source web server. A path traversal vulnerability exists in the 'http_verify' function in nostromo nhttpd 1.9.6 and earlier. The vulnerability stems from a failure of a network system or product to properly filter special elements in the path of a resource or file. An...
NewStart CGSL CORE 5.04 / MAIN 5.04 : httpd Vulnerability (NS-SA-2019-0182)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has httpd packages installed that are affected by a vulnerability: - In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks was not correctly generated...
NewStart CGSL CORE 5.04 / MAIN 5.04 : httpd Multiple Vulnerabilities (NS-SA-2019-0202)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has httpd packages installed that are affected by multiple vulnerabilities: - A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/',...
Critical Photon OS Security Update - PHSA-2019-0253
Updates of 'httpd' packages of Photon OS have been released...
PHSA-2019-1.0-0253
An update of 'httpd' packages of Photon OS has been released...
Apache Httpd mod_proxy - Error Page Cross-Site Scripting
The trick is to use a vertical tab %09 and then place another URL in the tag. So once a victim clicks the link on the error page, she will go somewhere else. As you can see, the browser changes the destination from relative / to an absolute...
Apache Httpd mod_rewrite - Open Redirects
Normal URLs like http://redirect.local/test will be forwarded to https://redirect.local/test. But by using newlines (CVE-2019-10098), we can redirect somewhere else, i.e. to https://redirect.local.evilwebsite.com: curl -Ik...
Apache Httpd mod_proxy - Error Page Cross-Site Scripting
The trick is to use a vertical tab %09 and then place another URL in the tag. So once a victim clicks the link on the error page, she will go somewhere else. As you can see, the browser changes the destination from relative / to an absolute url https://enoflag.de. The exploit is...
Apache Httpd mod_rewrite - Open Redirects
Normal URLs like http://redirect.local/test will be forwarded to https://redirect.local/test. But by using newlines (CVE-2019-10098), we can redirect somewhere else, i.e. to https://redirect.local.evilwebsite.com: curl -Ik 'https://redirect.local/%0a.evilwebsite.com' --path-as-is HTTP/2 302 date: Mon...
CVE-2017-7679
A buffer over-read flaw was found in httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash...
CVE-2018-1312
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed...
CVE-2017-9788
It was discovered that httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to...
CVE-2017-9798
A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash...
CVE-2016-2161
It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication...
CVE-2017-7659
A NULL pointer dereference flaw was found in the mod_http2 module of httpd. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP/2 request...
CVE-2017-7668
A buffer over-read flaw was found in httpd's ap_find_token function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request...
Photon OS 2.0: Httpd PHSA-2019-2.0-0178
An update of the httpd package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-2.0-0178. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description scriptid129688...
PHSA-2019-2.0-0178
An update of 'httpd' packages of Photon OS has been released...