
5781 matches found

BDU FSTEC
added 2022/10/31 12:00 a.m. · 5 views

A vulnerability in the httpd daemon of the FortiOS operating system and of the FortiProxy proxy server (designed to protect against Internet attacks) allows an attacker to cause a denial of service.

The vulnerability in the httpd daemon of the FortiOS operating system and of the FortiProxy proxy server (designed to protect against Internet attacks) is related to writing data beyond the bounds of a buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service...

CVSS 5.5 · AI score 6.8 · EPSS 0.01566
Exploits 0 · References 7 · Affected Software 2
Positive Technologies
added 2022/10/30 12:00 a.m. · 2 views

PT-2022-5722 · NetGear · Netgear R7000P

Name of the Vulnerable Software and Affected Versions: Netgear R7000P version 1.3.1.64 Description: The issue is related to buffer overflow errors in the httpd daemon of the NETGEAR R7000P router's embedded software. These errors occur through the starthour, startminute, endhour, and endminute...

CVSS 9.8 · AI score 7.9 · EPSS 0.01091
Exploits 1 · References 8
Positive Technologies
added 2022/10/30 12:00 a.m. · 2 views

PT-2022-5721 · NetGear · Netgear R7000P

Name of the Vulnerable Software and Affected Versions: Netgear R7000P version 1.3.0.8 Description: The issue is related to a buffer overflow error in the httpd daemon of the NETGEAR R7000P router's software, specifically through the enable band steering parameter. This could allow a remote attack...

CVSS 10 · AI score 7.9 · EPSS 0.01091
Exploits 1 · References 8
Positive Technologies
added 2022/10/30 12:00 a.m. · 3 views

PT-2022-5711 · NetGear · Netgear R7000P

Name of the Vulnerable Software and Affected Versions: Netgear R7000P version 1.3.0.8 Description: The issue is related to a buffer overflow error in the httpd daemon of the NETGEAR R7000P router's firmware. This can be exploited by a remote attacker to execute arbitrary code through the wan dns1...

CVSS 10 · AI score 9.7 · EPSS 0.00967
Exploits 1 · References 7
OpenVAS
added 2022/10/28 12:00 a.m. · 44 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-2614)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.1 · AI score 8.2 · EPSS 0.90407
Exploits 1 · References 2
Talos
added 2022/10/27 12:00 a.m. · 58 views

InHand Networks InRouter302 httpd port 4444 upload.cgi leftover debug code vulnerability

Talos Vulnerability Report TALOS-2022-1522 InHand Networks InRouter302 httpd port 4444 upload.cgi leftover debug code vulnerability October 27, 2022 CVE Number CVE-2022-29888 SUMMARY A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks...

CVSS 8.1 · AI score 7.4 · EPSS 0.01487
Exploits 1
Tenable Nessus
added 2022/10/27 12:00 a.m. · 49 views

EulerOS 2.0 SP3 : httpd (EulerOS-SA-2022-2614)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to...

CVSS 9.1 · AI score 7.7 · EPSS 0.90407
Exploits 1 · References 6
RedHat Linux
added 2022/10/26 8:15 p.m. · 4 views

httpd: Request splitting via HTTP/2 method injection and mod_proxy

A NULL pointer dereference was found in Apache httpd mod_h2. The highest threat from this flaw is to system integrity...

CVSS 7.5 · AI score 7.1 · EPSS 0.46179
Exploits 1 · References 5
RedHat Linux
added 2022/10/26 8:15 p.m. · 2 views

httpd: possible NULL dereference or SSRF in forward proxy configurations

There's a null pointer dereference and server-side request forgery flaw in httpd's mod_proxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the adjacent network to the forward proxy that could cause a crash, or potentially SSRF via misdirected Unix...

CVSS 8.2 · AI score 7 · EPSS 0.82295
Exploits 0 · References 5
RedHat Linux
added 2022/10/26 8:15 p.m. · 3 views

httpd: NULL pointer dereference via crafted request during HTTP/2 request processing

While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project...

CVSS 7.5 · AI score 7.4 · EPSS 0.24982
Exploits 0 · References 5
RedHat Linux
added 2022/10/26 8:15 p.m. · 4 views

httpd: Out-of-bounds write in ap_escape_quotes() via malicious input

An out-of-bounds write in function ap_escape_quotes of httpd allows an unauthenticated remote attacker to crash the server or potentially execute code on the system with the privileges of the httpd user, by providing malicious input to the function...

CVSS 9.8 · AI score 7.4 · EPSS 0.36339
Exploits 0 · References 4
RedHat Linux
added 2022/10/26 8:05 p.m. · 70 views

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update

An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link...

CVSS 9.8 · AI score 7.6 · EPSS 0.82295
Exploits 5 · References 22
RedHat Linux
added 2022/10/26 8:05 p.m. · 5 views

httpd: Request splitting via HTTP/2 method injection and mod_proxy

A NULL pointer dereference was found in Apache httpd mod_h2. The highest threat from this flaw is to system integrity...

CVSS 7.5 · AI score 7.1 · EPSS 0.46179
Exploits 1 · References 5
CNVD
added 2022/10/14 12:00 a.m. · 19 views

Tenda AC1206 setSchedWifi function sched_end_time buffer overflow vulnerability

The AC1206 is a high performance router designed with Gigabit ports for both WAN and LAN ports. A buffer overflow vulnerability exists in the Tenda AC1206 firmware version USAC1206V1.0RTLV15.03.06.23multiTD01, which originates from the /bin/httpd file /goform/openSchedWifi in the function scheden...

CVSS 7.5 · AI score 7.6 · EPSS 0.00815
Exploits 1 · References 1
CNVD
added 2022/10/14 12:00 a.m. · 23 views

Tenda AC1206 fromSysToolRestoreSet Function Cross-Site Request Forgery Vulnerability

The AC1206 is a high performance router designed with Gigabit ports for both WAN and LAN ports. Tenda AC1206 firmware version USAC1206V1.0RTLV15.03.06.23multiTD01 has a cross-site request forgery vulnerability in the /bin/httpd file in the fromSysToolRestoreSet function /goform/SysToolRestoreSet...

CVSS 6.5 · AI score 6.4 · EPSS 0.00325
Exploits 1 · References 1
CNVD
added 2022/10/14 12:00 a.m. · 29 views

Tenda AC1206 setSchedWifi function sched_start_time buffer overflow vulnerability

The AC1206 is a high performance router designed with Gigabit ports for both WAN and LAN ports. A buffer overflow vulnerability exists in Tenda AC1206 firmware version USAC1206V1.0RTLV15.03.06.23multiTD01, which originates from the sched_start_time parameter in the setSchedWifi function of the...

CVSS 7.5 · AI score 7.6 · EPSS 0.00815
Exploits 1 · References 1
NVD
added 2022/10/06 6:15 p.m. · 7 views

CVE-2021-40556

A stack overflow vulnerability exists in the httpd service in ASUS RT-AX56U Router Version 3.0.0.4.386.44266. This vulnerability is caused by the strcat function called by "caupload" input handle function allowing the user to enter 0xFFFF bytes into the stack. This vulnerability allows an attacke...

CVSS 8.8 · EPSS 0.01344
Exploits 1 · References 2
Cvelist
added 2022/10/06 12:00 a.m. · 10 views

CVE-2021-40556

A stack overflow vulnerability exists in the httpd service in ASUS RT-AX56U Router Version 3.0.0.4.386.44266. This vulnerability is caused by the strcat function called by "caupload" input handle function allowing the user to enter 0xFFFF bytes into the stack. This vulnerability allows an attacke...

AI score 9.1 · EPSS 0.01344
Exploits 1 · References 2
CVE
added 2022/10/06 12:00 a.m. · 49 views

CVE-2021-40556

CVE-2021-40556 affects ASUS RT-AX56U Router (firmware version 3.0.0.4.386.44266). The issue is a stack overflow in the httpd service caused by the strcat call in the caupload input handler, allowing an attacker to inject up to 0xFFFF bytes into the stack and potentially gain remote code execution...

CVSS 8.8 · AI score 8.9 · EPSS 0.01344
Exploits 1 · References 2 · Affected Software 1
RedHat Linux
added 2022/09/29 1:33 p.m. · 5 views

httpd: Request splitting via HTTP/2 method injection and mod_proxy

A NULL pointer dereference was found in Apache httpd mod_h2. The highest threat from this flaw is to system integrity...

CVSS 7.5 · AI score 7.1 · EPSS 0.46179
Exploits 1 · References 5