CVE-2022-0650

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on...

CVE-2022-24973

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on...

CVE-2022-0650

This CVE affects TP-Link TL-WR940N routers (v3.20.1 Build 200316 Rel.34392n). The root cause is a lack of proper validation of the length of user-supplied data in the httpd service, copying into a fixed-length stack-based buffer. The vulnerability allows network-adjacent attackers to execute arbi...

CVE-2022-24972

CVE-2022-24972 affects the TP-Link TL-WR940N, version 3.20.1 Build 200316 Rel.34392n (5553). The vulnerability is in the httpd service listening on port 80, caused by a lack of proper access control, enabling network-adjacent attackers to disclose stored credentials without authentication. Report...

CVE-2022-24972

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which...

CBL Mariner 2.0 Security Update: httpd (CVE-2023-27522)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-27522 advisory. - HTTP Response Smuggling vulnerability in Apache HTTP Server via modproxyuwsgi. This issue affects Apache HTTP...

CBL Mariner 2.0 Security Update: httpd (CVE-2009-1890)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2009-1890 advisory. - The streamreqbodycl function in modproxyhttp.c in the modproxy module in the Apache HTTP Server before 2.3.3,...

CBL Mariner 2.0 Security Update: httpd / mod_http2 (CVE-2023-25690)

The version of httpd / modhttp2 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-25690 advisory. - Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP...

Fedora: Security Advisory for httpd (FEDORA-2023-7df48f618b)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-27522 affecting package httpd for versions less than 2.4.56-1

CVE-2023-27522 affecting package httpd for versions less than 2.4.56-1. An upgraded version of the package is available that resolves this issue...

CVE-2023-25690 affecting package httpd for versions less than 2.4.56-1

CVE-2023-25690 affecting package httpd for versions less than 2.4.56-1. An upgraded version of the package is available that resolves this issue...

Important: httpd

Issue Overview: There's a null pointer dereference and server-side request forgery flaw in httpd's modproxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the adjacent network to the forward proxy that could cause a crash, or potentially SSRF via...

Amazon Linux 2 : httpd (ALAS-2023-1989)

The version of httpd installed on the remote host is prior to 2.4.56-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1989 advisory. Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack...

CBL Mariner 2.0 Security Update: httpd (CVE-2022-36760)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-36760 advisory. - Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache...

CBL Mariner 2.0 Security Update: httpd (CVE-2020-13950)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-13950 advisory. - Apache HTTP Server versions 2.4.41 to 2.4.46 modproxyhttp can be made to crash NULL pointer dereference with...

CBL Mariner 2.0 Security Update: httpd (CVE-2021-26690)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-26690 advisory. - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by modsession can cause...

CBL Mariner 2.0 Security Update: httpd (CVE-2019-17567)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-17567 advisory. - Apache HTTP Server versions 2.4.6 to 2.4.46 modproxywstunnel configured on an URL that is not necessarily...

CBL Mariner 2.0 Security Update: httpd (CVE-2021-26691)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-26691 advisory. - In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server cou...

CBL Mariner 2.0 Security Update: httpd (CVE-2020-35452)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-35452 advisory. - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in...

CBL Mariner 2.0 Security Update: httpd / mod_http2 (CVE-2022-37436)

The version of httpd / modhttp2 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-37436 advisory. - Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be...