Apache <= 2.4.48 Mod_Proxy - Server-Side Request Forgery

Apache 2.4.48 and below contain an issue where uri-path can cause modproxy to forward the request to an origin server chosen by the remote user. id: CVE-2021-40438 info: name: Apache = 2.4.48 ModProxy - Server-Side Request Forgery author: pdteam severity: critical description: Apache 2.4.48 and...

Astra Linux - уязвимость в apache2

A crafted request uri-path can cause modproxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...

Azure Linux 3.0 Security Update: httpd (CVE-2024-38473)

The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-38473 advisory. - Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect...

MiracleLinux 8 : httpd:2.4 (AXSA:2021-2483:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2483:01 advisory. httpd: modproxy: SSRF via a crafted request uri-path containing unix: CVE-2021-40438 httpd: modsession: Heap overflow via a crafted SessionHeader...

MiracleLinux 7 : httpd24-httpd-2.4.34-22.el7.1 (AXSA:2021-2460:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2460:01 advisory. httpd: modproxy: SSRF via a crafted request uri-path containing unix: CVE-2021-40438 Tenable has extracted the preceding description block directly from the...

MiracleLinux 3 : httpd-2.2.3-53.3.0.1.AXS3 (AXSA:2011-346:03)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-346:03 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. Security issues fixed with this release: CVE-2011-3368 The modproxy module in the...

EulerOS 2.0 SP11 : httpd (EulerOS-SA-2025-2228)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In some modssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacke...

EUVD-2021-19907

Malware in sbrugna...

EUVD-2010-2795

Malware in sbrugna...

EUVD-2024-48827

Malicious code in bioql PyPI...

EUVD-2024-54774

Malicious code in bioql PyPI...

EUVD-2024-48867

Malicious code in bioql PyPI...

ROS-20250812-08

Apache HTTP Server vulnerability is related to insufficient validation of incoming requests. Exploitation of the vulnerability could allow an attacker acting remotely to launch an SSRF attack Vulnerability in the modules/proxy/modproxy.c component of the Apache HTTP Server web server is related t...

Azure Linux 3.0 Security Update: httpd (CVE-2024-43204)

The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43204 advisory. - SSRF in Apache HTTP Server with modproxy loaded allows an attacker to send outbound proxy requests to a URL...

CVE-2024-43204

A Server-side request forgery SSRF vulnerability exists in Apache httpd when the server has modproxy loaded and is configured with modheaders to modify the Content-Type header in the HTTP request or response using a value supplied by the user. Under this configuration, this flaw allows an attacke...

AZL-65217 CVE-2024-43204 affecting package httpd for versions less than 2.4.64-1

SSRF in Apache HTTP Server with modproxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where modheaders is configured to modify the Content-Type request or response header with a value provided in the HTTP request...

CVE-2024-43204

SSRF in Apache HTTP Server with modproxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where modheaders is configured to modify the Content-Type request or response header with a value provided in the HTTP request...

CVE-2024-43204

SSRF in Apache HTTP Server with modproxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where modheaders is configured to modify the Content-Type request or response header with a value provided in the HTTP request...

TencentOS Server 3: httpd (TSSA-2023:0122)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0122 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

Exploit for HTTP Request Smuggling in Apache Http_Server

CVE 2023 25690 - Proof of Concept Published: 7 March 2023...