CVE-2022-2053

When a POST request comes through AJP and the request exceeds the max-post-size limit maxEntitySize, Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in that a front-end proxy marking the backend worker...

DEBIAN-CVE-2022-2053

When a POST request comes through AJP and the request exceeds the max-post-size limit maxEntitySize, Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in that a front-end proxy marking the backend worker...

PT-2022-6218 · Apache +10 · Apache Http Server +10

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.54 and prior versions Description: The issue is related to the inconsistent interpretation of HTTP requests, also known as 'HTTP Request Smuggling', in the mod proxy ajp module of the Apache HTTP Server. This...

The vulnerability of the mod_proxy module in the Apache HTTP Server allows attackers to circumvent security restrictions.

The vulnerability of the modproxy module in the Apache HTTP Server is related to insufficient validation of data authenticity or the use of unreliable sources for processing X-Forwarded- headers. Exploiting this vulnerability allows a malicious actor to bypass security restrictions remotely...

The vulnerability of the mod_proxy_ajp module in the Apache HTTP Server allows a hacker to send hidden HTTP requests (HTTP Request Smuggling attack).

The vulnerability of the modproxyajp module in the Apache HTTP Server is related to improper handling of HTTP requests. Exploiting this vulnerability allows a remote attacker to send hidden HTTP requests HTTP Request Smuggling attack...

CVE-2022-26377

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions...

ALPINE-CVE-2022-26377

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions...

UBUNTU-CVE-2022-26377

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions...

Apache HTTP Server 数据伪造问题漏洞

Apache HTTP Server is an open source web server from the Apache Foundation. Apache HTTP Server is vulnerable to a data forgery issue that stems from modproxy's X-Forwarded-For hop-by-hop mechanism discard. An attacker could use this vulnerability to bypass IP-based authentication on the source...

httpd: possible NULL dereference or SSRF in forward proxy configurations

There's a null pointer dereference and server-side request forgery flaw in httpd's modproxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the adjacent network to the forward proxy that could cause a crash, or potentially SSRF via misdirected Unix...

PT-2022-3356 · Apache +10 · Apache Http Server +10

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.53 and prior versions Description: The issue is related to the inconsistent interpretation of HTTP requests, also known as 'HTTP Request Smuggling', in the mod proxy ajp module of the Apache HTTP Server. This...

VulnCheck KEV: CVE-2020-11984

Apache HTTP server 2.4.32 to 2.4.44 modproxyuwsgi info disclosure and possible RCE...

PT-2022-6219 · Apache +10 · Apache Http Server +10

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions prior to 2.4.55 Description: The issue is related to the mod proxy module in Apache HTTP Server, where it fails to properly handle CRLF sequences in HTTP headers. This can be exploited by a remote attacker to perfo...

VulnCheck KEV: CVE-2021-40438

A crafted request uri-path can cause modproxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...

httpd: mod_proxy_wstunnel tunneling of non Upgraded connection

A flaw was found in Apache httpd. The modproxywstunnel module tunnels non-upgraded connections...

httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:"

A Server-Side Request Forgery SSRF flaw was found in modproxy of httpd. This flaw allows a remote, unauthenticated attacker to make the httpd server forward requests to an arbitrary server. The attacker could get, modify, or delete resources on other services that may be behind a firewall and...

httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:"

A Server-Side Request Forgery SSRF flaw was found in modproxy of httpd. This flaw allows a remote, unauthenticated attacker to make the httpd server forward requests to an arbitrary server. The attacker could get, modify, or delete resources on other services that may be behind a firewall and...

The vulnerability of the mod_proxy module in the Apache HTTP Server allows a hacker to perform an SSRF attack.

The vulnerability of the modproxy module in the Apache HTTP Server is related to insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...

mod_proxy SSRF

...

AZL-6485 CVE-2021-36160 affecting package httpd for versions less than 2.4.52-1

A carefully crafted request uri-path can cause modproxyuwsgi to read above the allocated memory and crash DoS. This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 inclusive...