CETIC-6LBR Security Vulnerability

CETIC-6LBR is an open source 6LoWPAN/RPL border router based on the Contiki operating system. A security vulnerability exists in CETIC-6LBR version 1.5.0, which originates from a buffer overflow vulnerability in the component examples/6lbr/apps/6lbr-webserver/httpd.c. The vulnerability is caused ...

PT-2023-12621 · Unknown · Cetic-6Lbr

Name of the Vulnerable Software and Affected Versions: CETIC-6LBR aka 6lbr version 1.5.0 Description: The issue is a strcat stack-based buffer overflow that occurs when a request for a long URL is made over a 6LoWPAN network. This can be exploited via the httpd.c file in the...

D-Link G416 httpd Improper Handling of Exceptional Conditions Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from...

D-Link G416 httpd Missing Authentication for Critical Function Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack ...

TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default...

Vulnerabilities fixed in Fortinet FortiMail

Fortinet has fixed vulnerabilities in FortiMail. The vulnerability with reference CVE-2022-47538 allows an unauthenticated malicious party to use a specially prepared request, authentication on the management interface to bypassing authentication on the management interface. The malicious party c...

DEBIAN-CVE-2023-5379

A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by modcluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because modproxycluster...

Design/Logic Flaw

A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by modcluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because modproxycluster...

CVE-2023-5379

CVE-2023-5379 affects Undertow/AJP handling in Red Hat JBoss EAP, where an AJP request exceeding the max-header-size can cause mod_cluster to mark the backend as an error and close the TCP connection without an AJP response, enabling potential DoS via repeated oversized requests. The connected ad...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-3245)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-3273)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-3334)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-3302)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Vulnerability in httpd (CVE-2023-25690) affects Power HMC

Summary HTTPD is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-25690 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request splitting attacks, caused by an error when modproxy is enabled along with some form of...

PT-2023-9008 · Tp Link · Eap225 V3

Name of the Vulnerable Software and Affected Versions: Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 version 5.1.0 Build 20220926 Description: A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality. This issue can be triggered by a...

CVE-2023-49007

In Netgear Orbi RBR750 firmware before V7.2.6.21, there is a stack-based buffer overflow in /usr/sbin/httpd...

CVE-2023-49007

In Netgear Orbi RBR750 firmware before V7.2.6.21, there is a stack-based buffer overflow in /usr/sbin/httpd...

Stack overflow

In Netgear Orbi RBR750 firmware before V7.2.6.21, there is a stack-based buffer overflow in /usr/sbin/httpd...

CVE-2023-49007

In Netgear Orbi RBR750 firmware before V7.2.6.21, there is a stack-based buffer overflow in /usr/sbin/httpd...

CLSA-2023-1701706552 httpd: Fix of 2 CVEs

CVE-2023-27522: modproxyuwsgi: HTTP response splitting - CVE-2023-31122: modmacro: fix out-of-bounds read vulnerability by using own strncmp function...