3 matches found
Siemens SINEC NMS < V2.0 SP1 Multiple Vulnerabilities
The version of Siemens SINEC NMS installed on the remote host is prior to 2.0.1.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA-943925 advisory. - coreruleset aka OWASP ModSecurity Core Rule Set through 3.3.4 does not detect multiple Content-Type request headers...
Oracle Linux 9 : httpd / and / mod_http2 (ELSA-2023-1670)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-1670 advisory. - Resolves: 2177751 - CVE-2023-25690 httpd: HTTP request splitting with modrewrite and modproxy - Resolves: 2165970 - CVE-2006-20001 httpd: moddav: out-of-bound...
CVE-2023-25690
Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...