302 matches found

OSV
added 2025/07/10 5:15 p.m. · 2 views

AZL-65169 CVE-2024-43204 affecting package httpd for versions less than 2.4.64-1

SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where mod_headers is configured to modify the Content-Type request or response header with a value provided in the HTTP request...

CVSS 7.5 · AI score 6.5 · EPSS 0.00684
Exploits 0 · References 1
OSV
added 2025/07/10 5:15 p.m. · 3 views

ALPINE-CVE-2024-43204

SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where mod_headers is configured to modify the Content-Type request or response header with a value provided in the HTTP request...

CVSS 7.5 · AI score 6.9 · EPSS 0.00684
Exploits 0 · References 1
OSV
added 2025/07/10 5:15 p.m. · 1 view

UBUNTU-CVE-2024-43204

SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where mod_headers is configured to modify the Content-Type request or response header with a value provided in the HTTP request...

CVSS 7.5 · AI score 6.6 · EPSS 0.00684
Exploits 0 · References 7
CNNVD
added 2025/07/10 12:0 a.m. · 2 views

Apache HTTP Server code issue vulnerability

Apache HTTP Server is an open source web server from the Apache Foundation of the United States. The server is fast, reliable and can be extended through a simple API. Apache HTTP Server suffers from a server-side request forgery vulnerability that stems from loading mod_proxy without implementing...

CVSS 7.5 · AI score 6.8 · EPSS 0.00684
Exploits 0 · References 3
Tenable Nessus
added 2025/06/30 12:0 a.m. · 4 views

Oracle Linux 10 : mod_proxy_cluster (ELSA-2025-9466)

The remote Oracle Linux 10 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-9466 advisory. 1.3.22-1.el100.2 - Resolves: RHEL-82256 - Update deprecated misspelled EnableMCPMReceive directive 1.3.22-1.el100.1 - Resolves: RHEL-80796 - Rebase...

CVSS 5.4 · AI score 5.7 · EPSS 0.00126
Exploits 0 · References 2
RedHat Linux
added 2025/06/24 2:31 a.m. · 2 views

mod_proxy_cluster: mod_proxy_cluster unauthorized MCMP requests

A vulnerability was found in mod_proxy_cluster. The issue is that the directive should be replaced by the directive as the former does not restrict IP/host access as Require ip IPADDRESS would suggest. This means that anyone with access to the host might send MCMP requests that may result in...

CVSS 5.4 · AI score 6 · EPSS 0.00126
Exploits 0 · References 4
RedHat Linux
added 2025/06/24 1:39 a.m. · 3 views

mod_proxy_cluster: mod_proxy_cluster unauthorized MCMP requests

A vulnerability was found in mod_proxy_cluster. The issue is that the directive should be replaced by the directive as the former does not restrict IP/host access as Require ip IPADDRESS would suggest. This means that anyone with access to the host might send MCMP requests that may result in...

CVSS 5.4 · AI score 6 · EPSS 0.00126
Exploits 0 · References 4
Positive Technologies
added 2025/06/04 12:0 a.m. · 10 views

PT-2025-29118

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.26 through 2.4.63 Description: In specific proxy setups, an untrusted client can trigger a denial of service against Apache HTTP Server. This occurs due to an assertion within the mod_proxy_http2 module when...

CVSS 9.1 · AI score 7.5 · EPSS 0.04605
Exploits 2 · References 95
RedHat Linux
added 2025/05/13 11:58 a.m. · 1 view

mod_proxy_cluster: mod_proxy_cluster unauthorized MCMP requests

A vulnerability was found in mod_proxy_cluster. The issue is that the directive should be replaced by the directive as the former does not restrict IP/host access as Require ip IPADDRESS would suggest. This means that anyone with access to the host might send MCMP requests that may result in...

CVSS 5.4 · AI score 5.9 · EPSS 0.00126
Exploits 0 · References 4
NVD
added 2025/04/23 10:15 a.m. · 7 views

CVE-2024-10306

A vulnerability was found in mod_proxy_cluster. The issue is that the directive should be replaced by the directive as the former does not restrict IP/host access as Require ip IPADDRESS would suggest. This means that anyone with access to the host might send MCMP requests that may result in...

CVSS 5.4 · EPSS 0.00126
Exploits 0 · References 7
Positive Technologies
added 2025/02/28 12:0 a.m. · 3 views

PT-2025-17610 · Unknown +2 · Mod Proxy Cluster +2

Name of the Vulnerable Software and Affected Versions: mod_proxy_cluster affected versions not specified Description: A vulnerability was found in mod_proxy_cluster, where the directive does not restrict IP/host access as Require ip IP ADDRESS would suggest, allowing anyone with access to the hos...

CVSS 5.4 · AI score 5.1 · EPSS 0.00126
Exploits 0 · References 21
AstraLinux
added 2025/02/11 7:35 a.m. · 4 views

Astra Linux – Vulnerability in Apache2

In Apache HTTP Server 2.4.59 and earlier, a null pointer dereference vulnerability in mod_proxy allows an attacker to crash the server through a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

CVSS 7.5 · AI score 6.8 · EPSS 0.01924
Exploits 0 · References 3
OSV
added 2024/09/14 11:46 a.m. · 3 views

CLSA-2024-1726314403 Update of httpd

mod_proxy: Fix ProxySourceAddress binding failure with AH00938...

AI score 5.8
Exploits 0 · References 1
BDU FSTEC
added 2024/09/13 12:0 a.m. · 2 views

The vulnerability of the modules/proxy/mod_proxy.c component of the Apache HTTP Server, related to a lack of mechanisms for encoding or shielding output data, allows attackers to gain access to confidential data and also trigger a denial-of-service attack.

The vulnerability of the modules/proxy/mod_proxy.c component of the Apache HTTP Server is related to a lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability can allow an attacker to gain access to confidential data, as well as cause service failures...

CVSS 8.5 · AI score 6.5 · EPSS 0.9067
Exploits 2 · References 20 · Affected Software 7
Tenable Nessus
added 2024/09/12 12:0 a.m. · 44 views

EulerOS 2.0 SP9 : httpd (EulerOS-SA-2024-2368)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services,...

CVSS 9.8 · AI score 8.2 · EPSS 0.93858
Exploits 2 · References 8
RedHat Linux
added 2024/09/04 2:52 p.m. · 3 views

puppet-foreman: An authentication bypass vulnerability exists in Foreman

An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing...

CVSS 9.8 · AI score 5.7 · EPSS 0.00216
Exploits 0 · References 4
RedHat Linux
added 2024/09/04 2:48 p.m. · 5 views

puppet-foreman: An authentication bypass vulnerability exists in Foreman

An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing...

CVSS 9.8 · AI score 5.7 · EPSS 0.00216
Exploits 0 · References 4
Positive Technologies
added 2024/09/04 12:0 a.m. · 5 views

PT-2024-38689

Name of the Vulnerable Software and Affected Versions: Pulpcore versions 3.0 and later; Gunicorn versions prior to 22.0 Description: An authentication bypass issue has been identified due to Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers,...

CVSS 9.8 · AI score 9.9 · EPSS 0.004
Exploits 0 · References 24
Positive Technologies
added 2024/09/04 12:0 a.m. · 4 views

PT-2024-38030

Name of the Vulnerable Software and Affected Versions: Foreman versions 6.13 through 6.15; Foreman with Gunicorn versions prior to 22.0 Description: An authentication bypass issue has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This...

CVSS 9.8 · AI score 9.8 · EPSS 0.00216
Exploits 0 · References 23
CNNVD
added 2024/09/04 12:0 a.m. · 5 views

Pulpcore authorization issue vulnerability

Pulpcore is a library in the Pulp open source project. An authorization issue vulnerability exists in Pulpcore that stems from mod_proxy not properly unsetting the header...

CVSS 9.8 · AI score 9.2 · EPSS 0.004
Exploits 0 · References 7