
313 matches found

Debian CVE
added 2023/09/13 9:30 a.m. · 25 views

CVE-2023-41081

Important: Authentication Bypass CVE-2023-41081. The mod_jk component of Apache Tomcat Connectors in some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the configuration did not provide explicit mounts for all possible proxied requests, mod_jk would use an...

7.5 CVSS · 7.6 AI score · 0.01257 EPSS
Exploits: 0

SUSE CVE
added 2023/02/15 6:0 a.m. · 10 views

SUSE CVE-2010-0425

modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers ...

10 CVSS · 9.4 AI score · 0.94248 EPSS
Exploits: 13 · References: 6

SUSE CVE
added 2023/02/15 3:26 a.m. · 3 views

SUSE CVE-2022-28330

Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module...

7.5 CVSS · 8.7 AI score · 0.03375 EPSS
Exploits: 0 · References: 3

RedHat Linux
added 2022/12/08 1:21 p.m. · 2 views

httpd: mod_isapi: out-of-bounds read

An out-of-bounds read vulnerability was found in the mod_isapi module of httpd. The issue occurs when httpd is configured to process requests with the mod_isapi module...

5.3 CVSS · 7.1 AI score · 0.03375 EPSS
Exploits: 0 · References: 5

OSV
added 2022/07/30 11:4 a.m. · 3 views

OESA-2022-1784 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module. CVE-2022-28330...

5.3 CVSS · 6.8 AI score · 0.03375 EPSS
Exploits: 0 · References: 2

ATTACKERKB
added 2022/06/09 5:15 p.m. · 1 views

CVE-2022-28330

Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module...

5.3 CVSS · 5.9 AI score · 0.03375 EPSS
Exploits: 0 · References: 4

CNNVD
added 2022/06/08 12:0 a.m. · 3 views

Apache HTTP Server Buffer Error Vulnerability

Apache HTTP Server is an open source web server from the Apache Foundation in the United States. The server is fast, reliable and can be extended through a simple API. A buffer overflow vulnerability exists in Apache HTTP Server 2.4.53 and earlier versions, which stems from a boundary error in the...

5.3 CVSS · 6.1 AI score · 0.03375 EPSS
Exploits: 0 · References: 10

Positive Technologies
added 2022/06/08 12:0 a.m. · 7 views

PT-2022-3344 · Apache +2 · Apache Http Server +2

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.53 and earlier. Description: The issue is related to a buffer overflow condition in the mod_isapi module of the Apache HTTP Server. Exploitation of this issue may allow a remote attacker to cause a denial of...

9.8 CVSS · 7.1 AI score · 0.90407 EPSS
Exploits: 2 · References: 54

Veracode
added 2019/05/02 6:9 a.m. · 23 views

Buffer Overflow

Apache Tomcat JK ISAPI Connector is vulnerable to buffer overflow attacks. A remote user can send a specifically crafted URI to the target virtual host to trigger a buffer overflow in the JK ISAPI connector and potentially execute arbitrary code on the target system, which may lead the applicatio...

9.8 CVSS · 9.7 AI score · 0.18989 EPSS
Exploits: 1 · References: 20 · Affected Software: 8

RedHat Linux
added 2018/06/13 12:19 p.m. · 2 views

isapi_redirect: Mishandled HTTP request paths in jk_isapi_plugin.c can lead to unintended exposure of application resources via the reverse proxy

The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible fo...

7.5 CVSS · 5.9 AI score · 0.44244 EPSS
Exploits: 0 · References: 5

CNVD
added 2018/03/15 12:0 a.m. · 3 views

Apache Tomcat JK ISAPI Connector Information Disclosure Vulnerability

Apache Tomcat JK ISAPI Connector is a module from the Apache Software Foundation (U.S.) that lets Apache or IIS connect to a back-end Tomcat, and supports clustering, load balancing and so on. A security vulnerability exists in Apache Tomcat JK ISAPI Connector versions 1.2.0 through...

7.5 CVSS · 7.1 AI score · 0.44244 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2018/03/13 6:19 a.m. · 41 views

CVE-2018-1323

The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible fo...

7.5 CVSS · 2.6 AI score · 0.44244 EPSS
Exploits: 0 · References: 2

UbuntuCve
added 2018/03/12 4:29 p.m. · 33 views

CVE-2018-1323

The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible fo...

7.5 CVSS · 7.1 AI score · 0.44244 EPSS
Exploits: 0 · References: 2

Prion
added 2018/03/12 4:29 p.m. · 22 views

Design/Logic Flaw

The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible fo...

5 CVSS · 7.4 AI score · 0.44244 EPSS
Exploits: 0 · References: 9 · Affected Software: 1

NVD
added 2018/03/12 4:29 p.m. · 20 views

CVE-2018-1323

The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible fo...

7.5 CVSS · 7.5 AI score · 0.44244 EPSS
Exploits: 0 · References: 9

CVE
added 2018/03/12 4:0 p.m. · 101 views

CVE-2018-1323

The issue (CVE-2018-1323) affects Apache Tomcat JK Connector (mod_jk) IIS/ISAPI integration: the ISAPI Connector 1.2.0–1.2.42 path normalization in jk_isapi_plugin.c could allow a specially crafted request to access application functionality via the reverse proxy that was not intended for clients...

7.5 CVSS · 7.5 AI score · 0.44244 EPSS
Exploits: 0 · References: 9 · Affected Software: 1

Cvelist
added 2018/03/12 4:0 p.m. · 30 views

CVE-2018-1323

The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible fo...

7.4 AI score · 0.44244 EPSS
Exploits: 0 · References: 9

Debian CVE
added 2018/03/12 4:0 p.m. · 31 views

CVE-2018-1323

The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible fo...

7.5 CVSS · 7.7 AI score · 0.44244 EPSS
Exploits: 0

Apache Tomcat
added 2018/03/12 12:0 a.m. · 40 views

Fixed in Apache Tomcat JK Connector 1.2.43

Important: Information disclosure CVE-2018-1323. The IIS/ISAPI specific code that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible for a...

7.5 CVSS · 7.5 AI score · 0.44244 EPSS
Exploits: 0 · Affected Software: 1

NVD
added 2017/03/13 6:59 a.m. · 16 views

CVE-2015-4408

Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the ISAPI issue...

6.8 CVSS · 6.3 AI score · 0.0128 EPSS
Exploits: 0 · References: 1