httpd: possible NULL dereference or SSRF in forward proxy configurations
There's a null pointer dereference and server-side request forgery flaw in httpd's mod_proxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the adjacent network to the forward proxy that could cause a crash, or potentially SSRF via misdirected Unix...
httpd: mod_lua: Use of uninitialized value in r:parsebody
A flaw was found in the mod_lua module of httpd. A crafted request body can cause a read to a random memory area due to an uninitialized value in functions called by the parsebody function. The highest threat from this vulnerability is to system availability...
httpd: Out-of-bounds read in ap_strcmp_match()
An out-of-bounds read vulnerability was found in httpd. A very large input to the ap_strcmp_match function can lead to an integer overflow and result in an out-of-bounds read...
httpd: mod_sed: DoS vulnerability
A flaw was found in the mod_sed module of httpd. A very large input to the mod_sed module can result in a denial of service due to excessively large memory allocations...
httpd: mod_lua: Information disclosure with websockets
A flaw was found in the mod_lua module of httpd. The data returned by the wsread function may point past the end of the storage allocated for the buffer, resulting in information disclosure...
httpd: mod_lua: DoS in r:parsebody
A flaw was found in the mod_lua module of httpd. A malicious request to a Lua script that calls parsebody(0) can lead to a denial of service due to no default limit on the possible input size...
httpd: NULL pointer dereference via malformed requests
A NULL pointer dereference in httpd allows an unauthenticated remote attacker to crash httpd by providing malformed HTTP requests. The highest threat from this vulnerability is to system availability...
Moderate: Red Hat Security Advisory: httpd24-httpd security and bug fix update
An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
RHEL 7 : httpd24-httpd (RHSA-2022:6753)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6753 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_sed: Read/wri...
Security Bulletin: SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities
Abstract SONAS includes multiple software components for which the vendors have provided fixes for security vulnerabilities in such components. Content VULNERABILITY DETAILS: CVE ID: Vendor| Vendor ID| Vendor Title| Included CVEs ---|---|---|--- IBM| TSM 6.3.1.0| Two unauthorized access...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-2383)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-2347)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 2.9.0 : httpd (EulerOS-SA-2022-2383)
According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an...
Tenda AC21 saveParentControlInfo function buffer overflow vulnerability
The Tenda AC21 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC21 version V16.03.08.15, which originates from the lack of length checking of input data in the saveParentControlInfo function of /bin/httpd, and can be exploited to cause httpd t...
Tenda AC21 formSetQosBand function buffer overflow vulnerability
The Tenda AC21 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC21 version V16.03.08.15, which originates from a lack of length checking of input data in the formSetQosBand function of /bin/httpd, which can be exploited to cause httpd to resta...
Tenda AC21 Buffer Overflow Vulnerability
Tenda AC21 is a wireless router from Tenda China. Tenda AC21 V16.03.08.15 is vulnerable to a buffer overflow vulnerability, which originates in the form_fast_setting_wifi_set function of /bin/httpd for lack of length checking of input data, and can be exploited by an attacker to cause httpd to restar...
Tenda AC21 setSmartPowerManagement Function Buffer Overflow Vulnerability
The Tenda AC21 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC21 version V16.03.08.15, which originates from a lack of length checking of input data in the setSmartPowerManagement function of /bin/httpd, which can be exploited to cause httpd...
Tenda AC21 formSetFirewallCfg function buffer overflow vulnerability
The Tenda AC21 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC21 version V16.03.08.15, which originates from a lack of length checking of input data in the formSetFirewallCfg function of /bin/httpd, which can be exploited to cause httpd to...
CVE-2022-40073
Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, saveParentControlInfo...
CVE-2022-40076
Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: fromSetWifiGusetBasic...