719 matches found
Apache HTTP Server 2.4.0 - 2.4.55 HTTP Request Smuggling Vulnerability - Windows
Apache HTTP Server is prone to a HTTP request smuggling vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2023-25690
Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...
CVE-2023-25690
Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...
Design/Logic Flaw
Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...
CVE-2023-25690
Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...
CVE-2023-25690
CVE-2023-25690 concerns Apache HTTP Server 2.4.0–2.4.55 with mod_proxy enabled when combined with certain RewriteRule or ProxyPassMatch patterns that re-insert user-supplied URL data into the proxied request-target via variable substitution. The underlying flaw enables HTTP request smuggling thro...
CVE-2023-25690 Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy
Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...
CVE-2023-25690
Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...
CVE-2023-25690
Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...
CVE-2023-25690
Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...
KLA48513 Multiple vulnerabilities in Apache HTTP Server
Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to bypass security restrictions. Below is a complete list of vulnerabilities: 1. HTTP request smuggling vulnerability in modrewrite and modproxy can be exploited to bypass security...
ALSA-2023:0970 Moderate: httpd security and bug fix update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: moddav: out-of-bounds read/write of zero byte CVE-2006-20001 httpd: modproxyajp: Possible request smuggling CVE-2022-36760 httpd: modproxy: HTTP response splitting...
httpd security and bug fix update
2.4.53-7.0.1 - Replace index.html with Oracle's index page oracleindex.html. 2.4.53-7.1 - Resolves: 2165975 - prevent sscg creating /dhparams.pem - Resolves: 2165970 - CVE-2006-20001 httpd: moddav: out-of-bounds read/write of zero byte - Resolves: 2165973 - CVE-2022-37436 httpd: modproxy: HTTP...
Moderate: httpd security and bug fix update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: moddav: out-of-bounds read/write of zero byte CVE-2006-20001 httpd: modproxyajp: Possible request smuggling CVE-2022-36760 httpd: modproxy: HTTP response splitting...
RLSA-2023:0852 Moderate: httpd:2.4 security and bug fix update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: moddav: out-of-bounds read/write of zero byte CVE-2006-20001 httpd: modproxyajp: Possible request smuggling CVE-2022-36760 httpd: modproxy: HTTP response splitting...
httpd:2.4 security and bug fix update
httpd 2.4.37-51.0.1.1 - Set vstring per ORACLESUPPORTPRODUCT Orabug: 29892262 - Replace index.html with Oracle's index page oracleindex.html 2.4.37-51.1 - Resolves: 2165967 - prevent sscg creating /dhparams.pem - Resolves: 2165976 - CVE-2006-20001 httpd: moddav: out-of-bounds read/write of zero...
K01552024: Apache vulnerability CVE-2021-40438
Security Advisory Description A crafted request uri-path can cause modproxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. CVE-2021-40438 Impact A remote attacker can exploit this vulnerability by sending a specially...
K3279: Heap-based buffer overflow in mod_proxy - CAN-2004-0492
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K94828628: Apache mod_proxy HTTP/2 vulnerability CVE-2021-33193
Security Advisory Description A crafted method sent through HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48. CVE-2021-33193 Impact There is no impact; F5 products are not...
K5534: Apache mod_proxy message format vulnerability CAN-2004-0700
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...