Apache httpd -- Multiple vulnerabilities

The Apache httpd project reports: moddav out of bounds read, or write of zero byte CVE-2006-20001 moderate modproxyajp Possible request smuggling CVE-2022-36760 moderate modproxy prior to 2.4.55 allows a backend to trigger HTTP response splitting CVE-2022-37436 moderate...

CVE-2022-47853

Affected software: TOTOlink A7100RU router (firmware 7.4cu.2313_B20191024). Vulnerability: command injection in the httpd service due to insufficient sanitization of input, enabling an attacker to execute arbitrary commands and potentially obtain a stable root shell with a crafted payload. Root c...

CVE-2022-47853

TOTOlink A7100RU V7.4cu.2313B20191024 is vulnerable to Command Injection Vulnerability in the httpd service. An attacker can obtain a stable root shell through a specially constructed payload...

CVE-2022-4498

In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS by crashing the httpd process or an arbitrary code execution...

Heap overflow

In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS by crashing the httpd process or an arbitrary code execution...

CVE-2022-4499

TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password...

CVE-2022-4499 The strcmp function in TP-Link routers, Archer C5 and WR710N-V1, used for checking credentials in httpd, is susceptible to a side-channel attack.

TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password...

CVE-2022-4499 The strcmp function in TP-Link routers, Archer C5 and WR710N-V1, used for checking credentials in httpd, is susceptible to a side-channel attack.

TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password...

CVE-2022-4499

CVE-2022-4499 affects TP-Link WR710N-V1-151022 and Archer C5-V2-160201 (TP-Link routers). The vulnerability arises from a side-channel attack on the httpd process, specifically a strcmp() used to verify credentials, allowing an attacker to deterministically guess each byte of the username and pas...

CVE-2022-43970

A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware = 4.30.18.006. A stack-based buffer overflow in the StartEPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the...

CVE-2022-43970

A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware = 4.30.18.006. A stack-based buffer overflow in the StartEPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the...

Stack overflow

A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware = 4.30.18.006. A stack-based buffer overflow in the StartEPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the...

CVE-2022-43973

The CVE-2022-43973 issue affects Linksys WRT54GL Wireless-G Broadband Router versions

Linksys WUMC710 操作系统命令注入漏洞

The Linksys WUMC710 is a universal media connector from Linksys USA. A command injection vulnerability exists in the Linksys WUMC710 Wireless-AC Universal Media Connector version 1.0.02 build3 and prior versions. The vulnerability stems from the dosetNTP function in the httpd binary that uses...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-1074)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[slackware-security] php

New php packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/php-7.4.33-i586-2slack15.0.txz: Rebuilt. This update fixes a security issue: PDO::quote may return unquoted string. For more information...

EulerOS Virtualization 3.0.2.6 : httpd (EulerOS-SA-2023-1074)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-2905)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.10.0 : httpd (EulerOS-SA-2022-2905)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the modisapi...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-2866)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...