Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-2243)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-2270)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GLSA-202208-20 : Apache HTTPD: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202208-20 Apache HTTPD: Multiple Vulnerabilities - A crafted method sent through HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP...

Apache HTTPD: Multiple Vulnerabilities

Background The Apache HTTP server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in Apache HTTPD. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

Internet Bug Bounty: Pause-based desync in Apache HTTPD

Apache was vulnerable to a pause-based desync. This vulnerability is described in detail in my whitepaper here: https://portswigger.net/research/browser-powered-desync-attackspause Impact This enables server-side HTTP Request Smuggling when Apache is deployed as a back-end server, and it also...

httpd:2.4 security update

httpd 2.4.37-47.0.2.2 - modproxy: approxyhttprequest to clear hop-by-hop first and...

CVE-2022-28665

A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.The freshtomato-arm has a vulnerable URL-decoding feature that c...

CVE-2022-28664

A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.The freshtomato-mips has a vulnerable URL-decoding feature that...

CVE-2022-26376

A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.38648706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability...

CVE-2022-27631

A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision 32270 - Revision 48599. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability...

CVE-2022-28665

A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.The freshtomato-arm has a vulnerable URL-decoding feature that c...

Memory corruption

A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision 32270 - Revision 48599. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability...

CVE-2022-28665

A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.The freshtomato-arm has a vulnerable URL-decoding feature that c...

CVE-2022-28664

A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.The freshtomato-mips has a vulnerable URL-decoding feature that...

CVE-2022-28664

CVE-2022-28664 affects FreshTomato 2022.1. The vulnerability stems from the httpd unescape functionality: the code assumes two hex digits follow a ‘%’ and lacks bounds checks, so a request containing an incomplete escape could lead to memory corruption (e.g., via access beyond the end of the stri...

CVE-2022-27631

The CVE-2022-27631 entry describes a memory corruption vulnerability in DD-WRT’s httpd unescape function affecting revisions 32270–48599. The issue stems from assuming two characters follow a '%' and performing an unsafe strcpy without validating the second character, which can read beyond the st...

CVE-2022-27631

A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision 32270 - Revision 48599. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability...

CVE-2022-26376

CVE-2022-26376 affects Asuswrt and Asuswrt-Merlin New Gen. The vulnerability is a memory corruption in the httpd unescape function triggered by a crafted HTTP request; it arises due to missing bounds checking after a '%' character, potentially causing memory corruption or crashes via network inpu...

httpd security update

2.2.15-69.0.4 - modproxy: approxyhttprequest to clear hop-by-hop first and fixup last CVE-2022-31813Orabug: 34317859 2.2.15-69.0.3 - core: Simpler connection close logic CVE-2022-22720Orabug: 33991577...

httpd security update

2.4.6-97.0.7.5 - modproxy: approxyhttprequest to clear hop-by-hop first and fixup last CVE-2022-31813Orabug: 34381850...