Lucene search
K

308 matches found

Tenable Nessus
Tenable Nessus
added 2024/09/12 12:0 a.m.44 views

EulerOS 2.0 SP9 : httpd (EulerOS-SA-2024-2368)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services,...

9.8CVSS8.2AI score0.99957EPSS
Exploits2References8
RedHat Linux
RedHat Linux
added 2024/09/04 2:52 p.m.5 views

puppet-foreman: An authentication bypass vulnerability exists in Foreman

An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's modproxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing...

9.8CVSS5.7AI score0.00769EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/09/04 2:48 p.m.7 views

puppet-foreman: An authentication bypass vulnerability exists in Foreman

An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's modproxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing...

9.8CVSS5.7AI score0.00769EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/09/04 12:0 a.m.5 views

PT-2024-38030

Name of the Vulnerable Software and Affected Versions Foreman versions 6.13 through 6.15 Foreman with Gunicorn versions prior to 22.0 Description An authentication bypass issue has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This...

9.8CVSS9.8AI score0.00769EPSS
Exploits0References23
Positive Technologies
Positive Technologies
added 2024/09/04 12:0 a.m.6 views

PT-2024-38689

Name of the Vulnerable Software and Affected Versions Pulpcore versions 3.0 and later Gunicorn versions prior to 22.0 Description An authentication bypass issue has been identified due to Apache's mod proxy not properly unsetting headers because of restrictions on underscores in HTTP headers,...

9.8CVSS9.9AI score0.00814EPSS
Exploits0References24
CNNVD
CNNVD
added 2024/09/04 12:0 a.m.20 views

Pulpcore 授权问题漏洞

Pulpcore is a library in the Pulp open source. An authorization issue vulnerability exists in Pulpcore that stems from modproxy not properly unsetting the header...

9.8CVSS9.2AI score0.00814EPSS
Exploits0References7
OSV
OSV
added 2024/08/30 10:0 a.m.8 views

CLSA-2024-1725012055 Fix CVE(s): CVE-2024-38477

SECURITY UPDATE: null pointer dereference in modproxy - debian/patches/CVE-2024-38477.patch: prevent crash resulting in Denial of Service in modproxy via a malicious request - CVE-2024-38477...

7.5CVSS7.2AI score0.03153EPSS
Exploits0References1
OSV
OSV
added 2024/08/30 10:0 a.m.7 views

CLSA-2024-1725012024 Fix CVE(s): CVE-2024-38477

SECURITY UPDATE: null pointer dereference in modproxy - debian/patches/CVE-2024-38477.patch: prevent crash resulting in Denial of Service in modproxy via a malicious request - CVE-2024-38477...

7.5CVSS7.2AI score0.03153EPSS
Exploits0References1
OSV
OSV
added 2024/08/22 6:31 p.m.7 views

CLSA-2024-1724351427 httpd: Fix of 9 CVEs

CVE-2024-38474: modrewrite: server weakness with encoded question marks in backreferences - CVE-2024-38475: modrewrite: server weakness in modrewrite when first segment of substitution matches filesystem path - CVE-2024-38477: modproxy: crash resulting in Denial of Service in modproxy via a...

9.8CVSS7.1AI score0.99957EPSS
Exploits5References1
RedHat Linux
RedHat Linux
added 2024/08/13 1:18 p.m.5 views

httpd: Encoding problem in mod_proxy

A flaw was found in the modproxy module of httpd. Due to an encoding problem, specially crafted request URLs with incorrect encoding can be sent to backend services, potentially bypassing authentication...

8.1CVSS7.1AI score0.25878EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2024/08/13 1:6 p.m.6 views

httpd: Potential SSRF in mod_rewrite

A flaw was found in the modrewrite module of httpd. A potential SSRF allows an attacker to cause unsafe rules used in the RewriteRule directive to unexpectedly set up URLs to be handled by the modproxy module...

7.5CVSS7AI score0.35447EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/08/13 1:6 p.m.65 views

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP5 security update

Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 5 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS7AI score0.99957EPSS
Exploits2References8
VulnCheck KEV
VulnCheck KEV
added 2024/07/25 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-25690

Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...

9.8CVSS6.8AI score0.8377EPSS
Exploits5References1
RedHat Linux
RedHat Linux
added 2024/07/24 2:5 p.m.10 views

httpd: NULL pointer dereference in mod_proxy

A flaw was found in the modproxy module of httpd. A NULL pointer dereference can be triggered when processing a specially crafted HTTP request, causing the httpd server to crash, and resulting in a denial of service...

7.5CVSS7AI score0.03153EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/07/23 1:24 p.m.5 views

httpd: NULL pointer dereference in mod_proxy

A flaw was found in the modproxy module of httpd. A NULL pointer dereference can be triggered when processing a specially crafted HTTP request, causing the httpd server to crash, and resulting in a denial of service...

7.5CVSS7AI score0.03153EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/07/23 8:57 a.m.10 views

httpd: NULL pointer dereference in mod_proxy

A flaw was found in the modproxy module of httpd. A NULL pointer dereference can be triggered when processing a specially crafted HTTP request, causing the httpd server to crash, and resulting in a denial of service...

7.5CVSS7AI score0.03153EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2024/07/12 12:0 a.m.5 views

The vulnerability of the mod_proxy module in the Apache HTTP Server allows a hacker to cause a service failure.

The vulnerability of the modproxy module in the Apache HTTP Server is related to incorrect writing of a null pointer. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure through a specially crafted request...

7.8CVSS6.5AI score0.03153EPSS
Exploits0References21Affected Software10
Positive Technologies
Positive Technologies
added 2024/07/08 12:0 a.m.10 views

PT-2025-29114

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions prior to 2.4.64 Description: An Server-Side Request Forgery SSRF issue exists in Apache HTTP Server when mod proxy is loaded. This allows an attacker to send outbound proxy requests to a URL controlled by the...

7.5CVSS7.5AI score0.00772EPSS
Exploits0References209
CNVD
CNVD
added 2024/07/05 12:0 a.m.98 views

Apache HTTP Server Input Validation Error Vulnerability (CNVD-2024-36390)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An input validation error vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to cause insecure...

7.5CVSS7.9AI score0.35447EPSS
Exploits0References1
OSV
OSV
added 2024/07/01 7:15 p.m.3 views

ALPINE-CVE-2024-39573

Potential SSRF in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by modproxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

7.5CVSS6.8AI score0.35447EPSS
Exploits0References1
Rows per page
Query Builder