Lucene search
K

312 matches found

Nuclei
Nuclei
added yesterday167 views

Apache HTTP Server - ACL Bypass

Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. id: CVE-2024-38473 info: name: Apache HTTP Server - ACL Bypass author: pdteam severity: high...

8.1CVSS6.7AI score0.25878EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added last week3 views

httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the server fails to properly check if a string is null-terminated before attempting to read it, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue...

5.3CVSS6.2AI score0.00485EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/07 9:48 p.m.4 views

httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the AJP getter functions attempt to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause an out-of-bounds read. This issue leads to a denial of...

5.3CVSS6AI score0.00393EPSS
Exploits0References5
OSV
OSV
added 2026/07/02 10:36 p.m.3 views

SUSE-SU-2026:2735-1 Security update for apache2

This update for apache2 fixes the following issues - CVE-2026-29167: modldap per-dir use-after-free bsc1267976. - CVE-2026-29170: modproxyftp XSS bsc1267977. - CVE-2026-34355: modproxyhtml buffer overflow bsc1267978. - CVE-2026-34356: malicious backend servers can lead to a heap-based buffer...

9.8CVSS6.2AI score0.11471EPSS
Exploits8References27
RedHat Linux
RedHat Linux
added 2026/07/01 9:31 a.m.4 views

httpd: Apache HTTP Server: Denial of Service in mod_proxy_ftp via attacker-controlled FTP server

A flaw was found in the modproxyftp module of the Apache HTTP Server. A remote attacker, by controlling a backend File Transfer Protocol FTP server, can trigger an infinite loop. This vulnerability, categorized as a Loop with Unreachable Exit Condition, leads to a Denial of Service DoS for the...

7.3CVSS5.9AI score0.00562EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/22 3:18 p.m.16 views

httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data()

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the ajpparsedata function attempts to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue potentially lea...

7.5CVSS6AI score0.00394EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/12 2:35 p.m.12 views

CVE-2026-29170

A flaw was found in Apache HTTP Server, specifically within the modproxyftp module. This cross-site scripting XSS vulnerability occurs during the generation of HTML directory lists when the server is configured to list FTP directory contents via either a forward or reverse proxy. An attacker coul...

6.1CVSS5AI score0.00504EPSS
Exploits0References4
OSV
OSV
added 2026/06/10 8:39 a.m.7 views

BIT-APACHE-2026-34355 Apache HTTP Server: mod_proxy_html buffer overflow

A buffer overflow in modproxyhtml in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

7.5CVSS5.6AI score0.00805EPSS
Exploits0References7
OSV
OSV
added 2026/06/10 8:39 a.m.8 views

BIT-APACHE-2026-29170 Apache HTTP Server: mod_proxy_ftp XSS

A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

6.1CVSS5.1AI score0.00504EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:29 a.m.11 views

SUSE CVE-2026-29170

A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

5.4CVSS5.1AI score0.00504EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-34355

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A buffer overflow in modproxyhtml in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version...

7.5CVSS6.2AI score0.00805EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.20 views

Linux Distros Unpatched Vulnerability : CVE-2026-29170

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory...

6.1CVSS6.1AI score0.00504EPSS
Exploits0References3
OSV
OSV
added 2026/06/08 4:16 p.m.2 views

ALPINE-CVE-2026-29170

A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

6.1CVSS5.8AI score0.00504EPSS
Exploits0References1
OSV
OSV
added 2026/06/08 4:16 p.m.8 views

UBUNTU-CVE-2026-44186

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in the modproxyftp module in Apache HTTP Server with an attacker controlled backend FTP server. This issue affects undefined: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

7.3CVSS5.4AI score0.00562EPSS
Exploits0References6
OSV
OSV
added 2026/06/08 4:16 p.m.7 views

UBUNTU-CVE-2026-29170

A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

6.1CVSS5.1AI score0.00504EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/08 3:20 p.m.16 views

CVE-2026-34355 Apache HTTP Server: mod_proxy_html buffer overflow

A buffer overflow in modproxyhtml in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

5.7AI score0.00805EPSS
Exploits0References1
CVE
CVE
added 2026/06/08 3:20 p.m.79 views

CVE-2026-34355

CVE-2026-34355 : A buffer overflow in Apache HTTP Server’s mod_proxy_html (affecting 2.4.67 and earlier) can be exploited by an untrusted backend. The advisory indicates that upgrading to 2.4.68 fixes the issue. Documented impact is a network‑accessible overflow with high severity (CVSS v3.1: 7.5...

7.5CVSS5.7AI score0.00805EPSS
Exploits0References6Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/08 3:20 p.m.10 views

CVE-2026-34355

A buffer overflow in modproxyhtml in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

7.5CVSS5.6AI score0.00805EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/08 3:10 p.m.9 views

CVE-2026-29170

A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

6.1CVSS5.2AI score0.00504EPSS
Exploits0
CVE
CVE
added 2026/06/08 3:10 p.m.111 views

CVE-2026-29170

CVE-2026-29170 describes a cross-site scripting (XSS) vulnerability in Apache HTTP Server 2.4.67 and earlier, affecting mod_proxy_ftp during HTML directory list generation when listing FTP directory contents via forward or reverse proxy configurations. The vulnerability arises in the HTML directo...

6.1CVSS5.2AI score0.00504EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder