5781 matches found

RedHat Linux
added 2023/02/28 8:28 a.m. · 2 views

httpd: mod_dav: out-of-bounds read/write of zero byte

A flaw was found in the mod_dav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service...

CVSS 7.5 · AI score 7.1 · EPSS 0.03546
Exploits: 0 · References: 5
AlmaLinux
added 2023/02/28 12:0 a.m. · 69 views

Moderate: httpd security and bug fix update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_dav: out-of-bounds read/write of zero byte (CVE-2006-20001); httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-36760); httpd: mod_proxy: HTTP response splitting...

CVSS 9 · AI score 7.6 · EPSS 0.57941
Exploits: 0 · References: 8
Positive Technologies
added 2023/02/24 12:0 a.m. · 3 views

PT-2023-7980

Name of the Vulnerable Software and Affected Versions: TP-Link TL-WR841N (affected versions not specified). Description: The TP-Link TL-WR841N router is affected by an improper authentication issue within the dropbearpwd component. This allows network-adjacent attackers to disclose sensitive...

CVSS 6.5 · AI score 6.6 · EPSS 0.1745
Exploits: 0 · References: 63
UbuntuCve
added 2023/02/23 10:15 p.m. · 15 views

CVE-2023-25824

Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 (including) did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop retrying the read operation, consuming CPU resources. This coul...

CVSS 7.5 · AI score 6.9 · EPSS 0.01091
Exploits: 1 · References: 5
Prion
added 2023/02/23 10:15 p.m. · 11 views

Design/Logic Flaw

Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 (including) did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop retrying the read operation, consuming CPU resources. This coul...

CVSS 5 · AI score 7.4 · EPSS 0.01091
Exploits: 1 · References: 3 · Affected Software: 1
OSV
added 2023/02/23 10:15 p.m. · 0 views

UBUNTU-CVE-2023-25824

Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 (including) did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop retrying the read operation, consuming CPU resources. This coul...

CVSS 7.5 · AI score 5.7 · EPSS 0.01091
Exploits: 1 · References: 5
OSV
added 2023/02/23 9:45 p.m. · 19 views

CVE-2023-25824 mod_gnutls contains Infinite Loop on request read timeout

Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 (including) did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop retrying the read operation, consuming CPU resources. This coul...

CVSS 7.5 · AI score 7.4 · EPSS 0.01091
Exploits: 1 · References: 5
Cvelist
added 2023/02/23 9:45 p.m. · 25 views

CVE-2023-25824 mod_gnutls contains Infinite Loop on request read timeout

Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 (including) did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop retrying the read operation, consuming CPU resources. This coul...

CVSS 7.5 · AI score 7.6 · EPSS 0.01091
Exploits: 1 · References: 3
CVE
added 2023/02/23 9:45 p.m. · 60 views

CVE-2023-25824

CVE-2023-25824 affects the Mod_gnutls TLS module for Apache HTTPD (GnuTLS-based). Versions 0.9.0 through 0.12.0 do not properly fail blocking read operations on TLS connections when the transport times out, instead entering an endless loop that can consume CPU resources and, if trace logging is e...

CVSS 7.5 · AI score 7.4 · EPSS 0.01091
Exploits: 1 · References: 3 · Affected Software: 1
Debian CVE
added 2023/02/23 9:45 p.m. · 22 views

CVE-2023-25824

Removed by vendor...

CVSS 7.5 · AI score 7.5 · EPSS 0.01091
Exploits: 1
Positive Technologies
added 2023/02/23 12:0 a.m. · 21 views

PT-2023-20329 · Apache · Apache Httpd

Name of the Vulnerable Software and Affected Versions: Mod_gnutls versions 0.9.0 through 0.12.0. Description: Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. It did not properly fail blocking read operations on TLS connections when the transport hit timeouts, entering an endless loop...

CVSS 7.5 · AI score 7.2 · EPSS 0.01091
Exploits: 1 · References: 10
Tenable Nessus
added 2023/02/23 12:0 a.m. · 80 views

Amazon Linux 2 : httpd (ALAS-2023-1938)

The version of httpd installed on the remote host is prior to 2.4.55-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1938 advisory. A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory...

CVSS 9 · AI score 7 · EPSS 0.57941
Exploits: 0 · References: 8
FreeBSD
added 2023/02/23 12:0 a.m. · 19 views

mod_gnutls -- Infinite Loop on request read timeout

The mod_gnutls project reports: Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 (including) did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop retrying the read operation,...

CVSS 7.5 · AI score 7.3 · EPSS 0.01091
Exploits: 1 · References: 2
OSV
added 2023/02/22 1:8 a.m. · 54 views

RLSA-2023:0852 Moderate: httpd:2.4 security and bug fix update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_dav: out-of-bounds read/write of zero byte (CVE-2006-20001); httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-36760); httpd: mod_proxy: HTTP response splitting...

CVSS 7.5 · AI score 7.8 · EPSS 0.57941
Exploits: 0 · References: 5
Rockylinux
added 2023/02/22 1:8 a.m. · 69 views

httpd:2.4 security and bug fix update

An update is available for mod_http2, mod_md, httpd, module.httpd, module.mod_md, module.mod_http2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The httpd package...

CVSS 9 · AI score 7.7 · EPSS 0.57941
Exploits: 0
F5 Networks
added 2023/02/22 12:2 a.m. · 31 views

K000132665: Apache HTTPD vulnerability CVE-2022-37436

Security Advisory Description: Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the...

CVSS 5.3 · AI score 6.6 · EPSS 0.57941
Exploits: 0 · Affected Software: 15
Oracle linux
added 2023/02/22 12:0 a.m. · 71 views

httpd:2.4 security and bug fix update

httpd 2.4.37-51.0.1.1 - Set vstring per ORACLESUPPORTPRODUCT Orabug: 29892262 - Replace index.html with Oracle's index page oracleindex.html 2.4.37-51.1 - Resolves: 2165967 - prevent sscg creating /dhparams.pem - Resolves: 2165976 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero...

CVSS 9 · AI score 7.6 · EPSS 0.57941
Exploits: 0
F5 Networks
added 2023/02/21 7:57 p.m. · 84 views

K27757011: Apache HTTPD vulnerability CVE-2017-15715

Security Advisory Description: In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally...

CVSS 8.1 · AI score 6.5 · EPSS 0.86006
Exploits: 0
F5 Networks
added 2023/02/21 7:54 p.m. · 110 views

K13401920: Apache HTTPD vulnerability CVE-2021-36160

Security Advisory Description: A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 inclusive. CVE-2021-36160 Impact: A remote attacker, through a crafted request, can exploit t...

CVSS 7.5 · AI score 7.8 · EPSS 0.62887
Exploits: 0 · Affected Software: 1
F5 Networks
added 2023/02/21 7:0 p.m. · 51 views

K05415626: Apache HTTPD vulnerability CVE-2017-7659

Security Advisory Description: A maliciously constructed HTTP/2 request could cause mod_http2 (2.4.24, 2.4.25) to dereference a NULL pointer and crash the server process. CVE-2017-7659 Impact: A remote attacker can use a maliciously crafted HTTP/2 request to cause an abnormal termination on the Apache...

CVSS 7.5 · AI score 7.2 · EPSS 0.53939
Exploits: 0 · Affected Software: 1