27 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-2053
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - When a POST request comes through AJP and the request exceeds the max-post-size limit maxEntitySize, Undertow's AjpServerRequestConduit implementation closes a...
undertow: AJP Request closes connection exceeding maxRequestSize
A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster...
undertow: AJP Request closes connection exceeding maxRequestSize
A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster...
DEBIAN-CVE-2023-5379
A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster...
CVE-2022-2053
When a POST request comes through AJP and the request exceeds the max-post-size limit maxEntitySize, Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in a front-end proxy marking the backend worker...
DEBIAN-CVE-2022-2053
When a POST request comes through AJP and the request exceeds the max-post-size limit maxEntitySize, Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in a front-end proxy marking the backend worker...
UBUNTU-CVE-2022-2053
When a POST request comes through AJP and the request exceeds the max-post-size limit maxEntitySize, Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in a front-end proxy marking the backend worker...
Red Hat JBoss Application Server Information Disclosure Vulnerability
Red Hat JBoss Application Server is a Java EE-based open source application server from the U.S. company Red Hat. The product offers ultra-fast startup, a lightweight, modular design, hot and parallel deployment, simple management, domain management, first-class components and other...
[SECURITY] Fedora 30 Update: mod_cluster-1.3.11-1.fc30
Mod_cluster is an httpd-based load balancer. Like mod_jk and mod_proxy, mod_cluster uses a communication channel to forward requests from httpd to one of a set of application server nodes. Unlike mod_jk and mod_proxy, mod_cluster leverages an additional connection between the application server nodes a...
Privilege Escalation
mod_cluster is vulnerable to privilege escalation. The root context of the server is registered and exposed by default, allowing a remote attacker to bypass intended access restrictions and gain access to the application via unknown vectors...
CVE-2016-4459
Stack-based buffer overflow in native/mod_manager/node.c in mod_cluster 1.2.9...
Stack overflow
Stack-based buffer overflow in native/mod_manager/node.c in mod_cluster 1.2.9...
mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute
It was discovered that specifying a configuration with a JVMRoute path longer than 80 characters will cause a segmentation fault, leading to a server crash...
Red Hat mod_cluster Denial of Service Vulnerability
Red Hat JBoss Web Server is a web server from the U.S. company Red Hat, built on top of Apache and Tomcat, which supports the development of large-scale websites and web applications in a customized, lightweight framework. mod_cluster is one of the HTTP protocol-based load balancing, fault-tolerant clust...
mod_cluster: Protocol parsing logic error
An error was found in the protocol parsing logic of the mod_cluster load balancer Apache HTTP Server modules. An attacker could use this flaw to cause a segmentation fault in the serving httpd process...
mod_cluster: remotely Segfault Apache http server
It was discovered that it is possible to remotely segfault the Apache HTTP server with a specially crafted string sent to mod_cluster via service messages (MCMP)...
[SECURITY] Fedora 25 Update: mod_cluster-1.3.3-8.fc25
Mod_cluster is an httpd-based load balancer. Like mod_jk and mod_proxy, mod_cluster uses a communication channel to forward requests from httpd to one of a set of application server nodes. Unlike mod_jk and mod_proxy, mod_cluster leverages an additional connection between the application server nodes a...
PT-2018-5032 · Apache +1 · Apache Http Server Mod Cluster +1
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server mod cluster versions prior to 2.4.23 Description: The issue is related to an improper input validation in the protocol parsing logic of the load balancer, which can result in a segmentation fault in the serving httpd proces...
mod_cluster: remotely Segfault Apache http server
It was discovered that it is possible to remotely segfault the Apache HTTP server with a specially crafted string sent to mod_cluster via service messages (MCMP)...
mod_cluster: remotely Segfault Apache http server
It was discovered that it is possible to remotely segfault the Apache HTTP server with a specially crafted string sent to mod_cluster via service messages (MCMP)...