K87323016: Apache mod_proxy vulnerability CVE-2020-13950

Security Advisory Description Apache HTTP Server versions 2.4.41 to 2.4.46 modproxyhttp can be made to crash NULL pointer dereference with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service CVE-2020-13950 Impact There is no impact; F...

K30442259: Apache HTTPD vulnerability CVE-2019-10092

Security Advisory Description In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the modproxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable whe...

K20979231: Apache vulnerability CVE-2011-3639

Security Advisory Description The modproxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy,...

K23332326: Apache HTTPD vulnerability CVE-2010-2791

Security Advisory Description modproxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for ...

ALSA-2023:0852 Moderate: httpd:2.4 security and bug fix update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: moddav: out-of-bounds read/write of zero byte CVE-2006-20001 httpd: modproxyajp: Possible request smuggling CVE-2022-36760 httpd: modproxy: HTTP response splitting...

Moderate: httpd:2.4 security and bug fix update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: moddav: out-of-bounds read/write of zero byte CVE-2006-20001 httpd: modproxyajp: Possible request smuggling CVE-2022-36760 httpd: modproxy: HTTP response splitting...

SUSE CVE-2007-3847

The date handling code in modules/proxy/proxyutil.c modproxy in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service caching forward proxy process crash via crafted date headers that trigger a buffer over-read...

SUSE CVE-2011-3368

The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to...

SUSE: Security Advisory (SUSE-SU-2023:0322-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2023:0322-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2022-37436: Fixed an issue in modproxy where a malicious backend could cause the response headers to be truncated early, resulting in some headers being incorporated into the response body bsc1207251. - CVE-2022-36760: Fixed an issue in...

SUSE-SU-2023:0321-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2022-37436: Fixed an issue in modproxy where a malicious backend could cause the response headers to be truncated early, resulting in some headers being incorporated into the response body bsc1207251. - CVE-2022-36760: Fixed an issue in...

MGASA-2023-0032 Updated apache packages fix security vulnerability

CVE-2022-37436: Apache HTTP Server: modproxy prior to 2.4.55 allows a backend to trigger HTTP response splitting. Prior to 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers ha...

Ubuntu: Security Advisory (USN-5839-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: IBM Aspera Orchestrator vulnerable to server-side request forgery due to Apache HTTP Server vulnerability (CVE-2021-40438)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2021-40438 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by an error in modproxy. By sending a specially crafted request uri-path, a remo...

USN-5839-2: Apache HTTP Server vulnerability

USN-5839-1 fixed a vulnerability in Apache. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Dimas Fariski Setyawan Putra discovered that the Apache HTTP Server modproxy module incorrectly truncated certain response headers. This may result in later...

Ubuntu: Security Advisory (USN-5839-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-5839-1: Apache HTTP Server vulnerabilities

It was discovered that the Apache HTTP Server moddav module incorrectly handled certain If: request headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. CVE-2006-20001 ZeddYuLu discovered that the Apache HTTP Server modproxyajp...

The vulnerability of the mod_proxy module in the Apache HTTP Server allows attackers to perform attacks that involve splitting HTTP responses.

The vulnerability of the modproxy module in the Apache HTTP Server is related to the failure to handle CRLF sequences in HTTP headers. Exploiting this vulnerability allows a remote attacker to perform attacks that involve splitting HTTP responses...

EulerOS Virtualization 3.0.2.2 : httpd (EulerOS-SA-2023-1260)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in modauthdigest. There is...

SUSE-SU-2023:0185-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2022-37436: Fixed an issue in modproxy where a malicious backend could cause the response headers to be truncated early, resulting in some headers being incorporated into the response body bsc1207251. - CVE-2022-36760: Fixed an issue in...