
719 matches found

RedhatCVE
added 2023/01/18 7:5 p.m., 33 views

CVE-2022-37436

A flaw was found in the mod_proxy module of httpd. A malicious backend can cause the response headers to be truncated because they are not cleaned when an error is found while reading them, resulting in some headers being incorporated into the response body and not being interpreted by a client...

5.3 CVSS, 7 AI score, 0.00539 EPSS
Exploits 0, References 4
Slackware Linux
added 2023/01/18 6:23 a.m., 57 views

[slackware-security] httpd

New httpd packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/httpd-2.4.55-i586-1slack15.0.txz: Upgraded. This update fixes bugs and the following security issues: mod_proxy allow...

9 CVSS, 7.7 AI score, 0.00547 EPSS
Exploits 0
OpenVAS
added 2023/01/18 12:0 a.m., 27 views

Apache HTTP Server < 2.4.55 Multiple Vulnerabilities - Windows

Apache HTTP Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:http_server"; if...

9 CVSS, 7.7 AI score, 0.00547 EPSS
Exploits 0, References 1
Cvelist
added 2023/01/17 7:12 p.m., 34 views

CVE-2022-37436 Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client...

7.4 AI score, 0.00539 EPSS
Exploits 0, References 2
FreeBSD
added 2023/01/17 12:0 a.m., 91 views

Apache httpd -- Multiple vulnerabilities

The Apache httpd project reports: mod_dav out of bounds read, or write of zero byte (CVE-2006-20001, moderate); mod_proxy_ajp Possible request smuggling (CVE-2022-36760, moderate); mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting (CVE-2022-37436, moderate)...

9 CVSS, 7.6 AI score, 0.00547 EPSS
Exploits 0, References 1
F5 Networks
added 2022/12/15 10:48 p.m., 8 views

K15893: Apache HTTP server vulnerabilities CVE-2014-0117, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231, and CVE-2014-3523

Security Advisory Description. CVE-2014-0117: The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header. CVE-2014-0118: The deflate_in_filter function...

6.8 CVSS, 7.8 AI score, 0.75444 EPSS
Exploits 7
F5 Networks
added 2022/12/15 9:58 p.m., 71 views

K00373024: Apache vulnerability CVE-2016-8743

Security Advisory Description. Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of...

7.5 CVSS, 6.6 AI score, 0.0978 EPSS
Exploits 0, Affected Software 16
Check Point Advisories
added 2022/11/21 12:0 a.m., 16 views

Apache httpd mod_proxy NULL Pointer Dereference (CVE-2021-44224)

A NULL pointer dereference vulnerability exists in the mod_proxy module of Apache httpd. The vulnerability is due to improper handling of malformed Request-URIs sent to servers configured as a forward proxy. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted...

6.4 CVSS, 1.1 AI score, 0.0925 EPSS
Exploits 0
OSV
added 2022/11/15 6:14 a.m., 48 views

RLSA-2022:8067 Moderate: httpd security, bug fix, and enhancement update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: httpd 2.4.53. (BZ#2079939) Security Fixes: httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943); httpd: mod_lua: Use of...

8.1 CVSS, 9 AI score, 0.60552 EPSS
Exploits 2, References 15
AlmaLinux
added 2022/11/15 12:0 a.m., 85 views

Moderate: httpd security, bug fix, and enhancement update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: httpd 2.4.53. (BZ#2079939) Security Fixes: httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943); httpd: mod_lua: Use of...

9.8 CVSS, 8.8 AI score, 0.60552 EPSS
Exploits 2, References 22
Tenable Nessus
added 2022/11/09 12:0 a.m., 57 views

RHEL 8 : httpd:2.4 (RHSA-2022:7647)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7647 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_sed: Read/wri...

9.8 CVSS, 8.1 AI score, 0.60552 EPSS
Exploits 2, References 24
RedHat Linux
added 2022/11/08 9:35 a.m., 82 views

Moderate: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

9.8 CVSS, 7.2 AI score, 0.60552 EPSS
Exploits 2, References 12
Rockylinux
added 2022/11/08 6:25 a.m., 70 views

httpd:2.4 security update

An update is available for httpd, mod_http2, mod_md. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The httpd packages provide the Apache HTTP Server, a powerful,...

9.8 CVSS, 8.6 AI score, 0.60552 EPSS
Exploits 2
AlmaLinux
added 2022/11/08 12:0 a.m., 70 views

Moderate: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943); httpd: mod_lua: Use of uninitialized value of in r:parsebody (CVE-2022-22719); httpd: core: Possible buffer overflow with very...

9.8 CVSS, 8.6 AI score, 0.60552 EPSS
Exploits 2, References 22
Tenable Nessus
added 2022/09/29 12:0 a.m., 118 views

RHEL 7 : httpd24-httpd (RHSA-2022:6753)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6753 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_sed: Read/wri...

9.8 CVSS, 7.9 AI score, 0.94432 EPSS
Exploits 8, References 34
Oracle linux
added 2022/08/10 12:0 a.m., 110 views

httpd:2.4 security update

httpd 2.4.37-47.0.2.2 - mod_proxy: ap_proxy_http_request to clear hop-by-hop first and...

9.8 CVSS, 1 AI score, 0.00047 EPSS
Exploits 1
Oracle linux
added 2022/08/04 12:0 a.m., 176 views

httpd security update

2.4.6-97.0.7.5 - mod_proxy: ap_proxy_http_request to clear hop-by-hop first and fixup last (CVE-2022-31813) (Orabug: 34381850)...

9.8 CVSS, 0.1 AI score, 0.00047 EPSS
Exploits 1
Oracle linux
added 2022/08/04 12:0 a.m., 60 views

httpd security update

2.4.51-7.0.2 - mod_proxy: ap_proxy_http_request to clear hop-by-hop first and fixup last (CVE-2022-31813) (Orabug: 34381949)...

9.8 CVSS, 0.1 AI score, 0.00047 EPSS
Exploits 1
Tenable Nessus
added 2022/07/11 12:0 a.m., 39 views

CentOS 8 : httpd:2.4 (CESA-2022:5163)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2022:5163 advisory. - httpd: mod_proxy NULL pointer dereference (CVE-2020-13950) Note that Nessus has not tested for this issue but has instead relied only on the application's...

7.5 CVSS, 7.5 AI score, 0.17576 EPSS
Exploits 0, References 2
OSV
added 2022/07/06 11:37 a.m., 24 views

SUSE-SU-2022:2302-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2022-26377: Fixed possible request smuggling in mod_proxy_ajp (bsc#1200338) - CVE-2022-28614: Fixed read beyond bounds via ap_rwrite (bsc#1200340) - CVE-2022-28615: Fixed read beyond bounds in ap_strcmp_match (bsc#1200341) - CVE-2022-29404: Fixed denial...

9.8 CVSS, 7.5 AI score, 0.32376 EPSS
Exploits 2, References 16