308 matches found
EulerOS 2.0 SP9 : httpd (EulerOS-SA-2024-2368)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services,...
puppet-foreman: An authentication bypass vulnerability exists in Foreman
An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's modproxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing...
puppet-foreman: An authentication bypass vulnerability exists in Foreman
An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's modproxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing...
PT-2024-38030
Name of the Vulnerable Software and Affected Versions Foreman versions 6.13 through 6.15 Foreman with Gunicorn versions prior to 22.0 Description An authentication bypass issue has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This...
PT-2024-38689
Name of the Vulnerable Software and Affected Versions Pulpcore versions 3.0 and later Gunicorn versions prior to 22.0 Description An authentication bypass issue has been identified due to Apache's mod proxy not properly unsetting headers because of restrictions on underscores in HTTP headers,...
Pulpcore 授权问题漏洞
Pulpcore is a library in the Pulp open source. An authorization issue vulnerability exists in Pulpcore that stems from modproxy not properly unsetting the header...
CLSA-2024-1725012055 Fix CVE(s): CVE-2024-38477
SECURITY UPDATE: null pointer dereference in modproxy - debian/patches/CVE-2024-38477.patch: prevent crash resulting in Denial of Service in modproxy via a malicious request - CVE-2024-38477...
CLSA-2024-1725012024 Fix CVE(s): CVE-2024-38477
SECURITY UPDATE: null pointer dereference in modproxy - debian/patches/CVE-2024-38477.patch: prevent crash resulting in Denial of Service in modproxy via a malicious request - CVE-2024-38477...
CLSA-2024-1724351427 httpd: Fix of 9 CVEs
CVE-2024-38474: modrewrite: server weakness with encoded question marks in backreferences - CVE-2024-38475: modrewrite: server weakness in modrewrite when first segment of substitution matches filesystem path - CVE-2024-38477: modproxy: crash resulting in Denial of Service in modproxy via a...
httpd: Encoding problem in mod_proxy
A flaw was found in the modproxy module of httpd. Due to an encoding problem, specially crafted request URLs with incorrect encoding can be sent to backend services, potentially bypassing authentication...
httpd: Potential SSRF in mod_rewrite
A flaw was found in the modrewrite module of httpd. A potential SSRF allows an attacker to cause unsafe rules used in the RewriteRule directive to unexpectedly set up URLs to be handled by the modproxy module...
Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP5 security update
Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 5 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
VulnCheck KEV: CVE-2023-25690
Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...
httpd: NULL pointer dereference in mod_proxy
A flaw was found in the modproxy module of httpd. A NULL pointer dereference can be triggered when processing a specially crafted HTTP request, causing the httpd server to crash, and resulting in a denial of service...
httpd: NULL pointer dereference in mod_proxy
A flaw was found in the modproxy module of httpd. A NULL pointer dereference can be triggered when processing a specially crafted HTTP request, causing the httpd server to crash, and resulting in a denial of service...
httpd: NULL pointer dereference in mod_proxy
A flaw was found in the modproxy module of httpd. A NULL pointer dereference can be triggered when processing a specially crafted HTTP request, causing the httpd server to crash, and resulting in a denial of service...
The vulnerability of the mod_proxy module in the Apache HTTP Server allows a hacker to cause a service failure.
The vulnerability of the modproxy module in the Apache HTTP Server is related to incorrect writing of a null pointer. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure through a specially crafted request...
PT-2025-29114
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions prior to 2.4.64 Description: An Server-Side Request Forgery SSRF issue exists in Apache HTTP Server when mod proxy is loaded. This allows an attacker to send outbound proxy requests to a URL controlled by the...
Apache HTTP Server Input Validation Error Vulnerability (CNVD-2024-36390)
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An input validation error vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to cause insecure...
ALPINE-CVE-2024-39573
Potential SSRF in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by modproxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue...