719 matches found
BIT-APACHE-2024-38473 Apache HTTP Server proxy encoding problem
Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
BIT-APACHE-2024-38477 Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request
null pointer dereference in modproxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
BIT-APACHE-2024-39573 Apache HTTP Server: mod_rewrite proxy handler substitution
Potential SSRF in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by modproxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
Internet Bug Bounty: moderate: Apache HTTP Server: mod_rewrite proxy handler substitution (CVE-2024-39573) CWE-20 Improper Input Validation
moderate: Apache HTTP Server proxy encoding problem CVE-2024-38473 An encoding problem was discovered in modproxy in Apache HTTP Server versions 2.4.59 and earlier. This issue allowed request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via...
Internet Bug Bounty: important: Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request (CVE-2024-38477)
important: Apache HTTP Server: Crash resulting in Denial of Service in modproxy via a malicious request CVE-2024-38477 A null pointer dereference vulnerability was discovered in modproxy in Apache HTTP Server versions 2.4.59 and earlier. This vulnerability allowed an attacker to crash the server ...
SUSE CVE-2024-38477
null pointer dereference in modproxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
FreeBSD : Apache httpd -- Multiple vulnerabilities (d7efc2ad-37af-11ef-b611-84a93843eb75)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the d7efc2ad-37af-11ef-b611-84a93843eb75 advisory. The Apache httpd project reports: DoS by Null pointer in websocket over HTTP/2 CVE-2024-36387...
CVE-2024-38477
A flaw was found in the modproxy module of httpd. A NULL pointer dereference can be triggered when processing a specially crafted HTTP request, causing the httpd server to crash, and resulting in a denial of service. Mitigation Red Hat has investigated whether a possible mitigation exists for thi...
CVE-2024-38473
A flaw was found in the modproxy module of httpd. Due to an encoding problem, specially crafted request URLs with incorrect encoding can be sent to backend services, potentially bypassing authentication. Mitigation Mitigation for this issue is either not available or the currently available optio...
ALPINE-CVE-2024-38477
null pointer dereference in modproxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
CVE-2024-39573
Potential SSRF in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by modproxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
CVE-2024-38477
null pointer dereference in modproxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
DEBIAN-CVE-2024-38473
Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
CVE-2024-38473
Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
CVE-2024-38473
Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
CVE-2024-39573
Potential SSRF in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by modproxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
CVE-2024-39573
The CVE-2024-39573 entry corresponds to Apache HTTP Server mod_rewrite/mod_proxy SSRF-related risk and is confirmed by connected sources reporting the issue in Apache httpd 2.4.59 and earlier, with a fix in 2.4.60 (and later 2.4.61 in later advisories). Root cause: unsafe RewriteRules/Substitutio...
CVE-2024-39573 Apache HTTP Server: mod_rewrite proxy handler substitution
Potential SSRF in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by modproxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
CVE-2024-39573
Potential SSRF in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by modproxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
CVE-2024-39573 Apache HTTP Server: mod_rewrite proxy handler substitution
Potential SSRF in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by modproxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue...