156 matches found
CVE-2022-28614
The aprwrite function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using aprwrite or aprputs, such as with modluas r:puts function. Modules compiled and distributed separately from Apache HTTP Server that use t...
CVE-2022-30556
A flaw was found in the modlua module of httpd. The data returned by the wsread function may point past the end of the storage allocated for the buffer, resulting in information disclosure. Mitigation Disabling modlua and restarting httpd will mitigate this flaw...
CVE-2022-29404
A flaw was found in the modlua module of httpd. A malicious request to a Lua script that calls parsebody0 can lead to a denial of service due to no default limit on the possible input size. Mitigation Disabling modlua and restarting httpd will mitigate this flaw...
CVE-2022-30556 Information Disclosure in mod_lua with websockets
Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread that point past the end of the storage allocated for the buffer...
CVE-2022-29404 Denial of service in mod_lua r:parsebody
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody0 may cause a denial of service due to no default limit on possible input size...
Apache Httpd < 2.4.54 : Denial of service in mod_lua r:parsebody
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody0 may cause a denial of service due to no default limit on possible input size...
Apache Httpd < 2.4.54 : Information Disclosure in mod_lua with websockets
Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread that point past the end of the storage allocated for the buffer...
Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports: CVE-2022-31813: modproxy X-Forwarded-For dropped by hop-by-hop mechanism. Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded- headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP...
Apache 2.4.x < 2.4.52 mod_lua Buffer Overflow
The version of Apache httpd installed on the remote host is prior to 2.4.52. It is, therefore, affected by a flaw related to modlua when handling multipart content. A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The...
NewStart CGSL CORE 5.04 / MAIN 5.04 : httpd Multiple Vulnerabilities (NS-SA-2022-0021)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has httpd packages installed that are affected by multiple vulnerabilities: - In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow CVE-2021-26691 ...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-1671)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Important: httpd
Issue Overview: A flaw was found in the modlua module of httpd. A crafted request body can cause a read to a random memory area due to an uninitialized value in functions called by the parsebody function. The highest treat of this vulnerability is availability. CVE-2022-22719 A flaw was found in...
Slackware: Security Advisory (SSA:2022-073-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP10 : httpd (EulerOS-SA-2022-1488)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A crafted URI sent to httpd configured as a forward proxy ProxyRequests on can cause a crash NULL pointer dereference or, for configurations mixi...
Important: Red Hat Security Advisory: httpd security update
An update for httpd is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update Support, and Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact...
httpd: mod_lua: Possible buffer overflow when parsing multipart content
A buffer overflow flaw in httpd's lua module could allow an out-of-bounds write. An attacker who is able to submit a crafted request to an httpd instance that is using the lua module may be able to cause an impact to confidentiality, integrity, and/or availability...
Important: Red Hat Security Advisory: httpd security update
An update for httpd is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Important: Red Hat Security Advisory: httpd security update
An update for httpd is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-1349)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP8 : httpd (EulerOS-SA-2022-1349)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A crafted URI sent to httpd configured as a forward proxy ProxyRequests on can cause a crash NULL pointer dereference or, for configurations mixi...