719 matches found

Mageia
added 2021/09/23 4:49 a.m. | 73 views

Updated apache packages fix security vulnerability

A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning (CVE-2021-33193). Malformed requests may cause the server to dereference a NULL pointer (CVE-2021-34798). A carefully crafted request uri-path can cause...

CVSS 9.8 | AI score 9.3 | EPSS 0.94432
Exploits: 6 | References: 4
Tenable Nessus
added 2021/09/23 12:0 a.m. | 93 views

Apache >= 2.4.17 < 2.4.49 mod_http2

The version of Apache httpd installed on the remote host is greater than 2.4.17 and prior to 2.4.49. It is, therefore, affected by a vulnerability as referenced in the 2.4.49 changelog. A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to...

CVSS 7.5 | AI score 6.9 | EPSS 0.00609
Exploits: 1 | References: 3
Tenable Nessus
added 2021/09/23 12:0 a.m. | 155 views

Apache < 2.4.49 Multiple Vulnerabilities

The version of Apache httpd installed on the remote host is prior to 2.4.49. It is, therefore, affected by a vulnerability as referenced in the 2.4.49 changelog. - A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. CVE-2021-40438...

CVSS 9 | AI score 7.6 | EPSS 0.94432
Exploits: 5 | References: 3
Veracode
added 2021/09/20 12:57 p.m. | 272 views

Cross-Site Request Forgery (CSRF)

apache2 is vulnerable to cross-site request forgery. An attacker may exploit the vulnerability by sending a crafted request uri-path that can cause mod_proxy to forward the request to an origin server chosen by the remote user...

CVSS 9 | AI score 3.2 | EPSS 0.94432
Exploits: 5 | References: 29 | Affected Software: 7
CNVD
added 2021/09/18 12:0 a.m. | 913 views

Apache HTTP Server mod_proxy server-side request forgery vulnerability

Apache HTTP Server is an open source web server from the Apache Foundation. Apache HTTP Server in version 2.4.48 and earlier is vulnerable to server-side request forgery, which stems from a failure of the mod_proxy module to properly validate user input and can be exploited to forward requests to ...

CVSS 9 | AI score 1.9 | EPSS 0.94432
Exploits: 5 | References: 1
Tenable Nessus
added 2021/09/17 12:0 a.m. | 66 views

Slackware Linux 14.0 / 14.1 / 14.2 / current httpd Multiple Vulnerabilities (SSA:2021-259-01)

The version of httpd installed on the remote host is prior to 2.4.49. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2021-259-01 advisory. - A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitti...

CVSS 9.8 | AI score 7.3 | EPSS 0.94432
Exploits: 6 | References: 5
Tenable Nessus
added 2021/09/17 12:0 a.m. | 71 views

Apache 2.4.x < 2.4.49 Multiple Vulnerabilities

According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.49. It is, therefore, affected by multiple vulnerabilities: - A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache...

CVSS 9.8 | AI score 9 | EPSS 0.94432
Exploits: 6 | References: 7
RedhatCVE
added 2021/09/16 8:45 p.m. | 135 views

CVE-2021-40438

A Server-Side Request Forgery (SSRF) flaw was found in mod_proxy of httpd. This flaw allows a remote, unauthenticated attacker to make the httpd server forward requests to an arbitrary server. The attacker could get, modify, or delete resources on other services that may be behind a firewall and...

CVSS 9 | AI score 1.5 | EPSS 0.94432
Exploits: 5 | References: 4
NVD
added 2021/09/16 3:15 p.m. | 30 views

CVE-2021-40438

A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...

CVSS 9 | EPSS 0.94432
Exploits: 5 | References: 20
OSV
added 2021/09/16 3:15 p.m. | 5 views

AZL-6487 CVE-2021-40438 affecting package httpd for versions less than 2.4.52-1

A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...

CVSS 9 | AI score 7 | EPSS 0.94432
Exploits: 5 | References: 1
OSV
added 2021/09/16 3:15 p.m. | 72 views

CVE-2021-40438

A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...

CVSS 9 | AI score 1.2 | EPSS 0.94432
Exploits: 5 | References: 20
UbuntuCve
added 2021/09/16 3:15 p.m. | 155 views

CVE-2021-40438

A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...

CVSS 9 | AI score 7 | EPSS 0.94432
Exploits: 5 | References: 8
Prion
added 2021/09/16 3:15 p.m. | 51 views

Design/Logic Flaw

A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...

CVSS 6.8 | AI score 9.1 | EPSS 0.94432
Exploits: 5 | References: 19 | Affected Software: 9
CVE
added 2021/09/16 2:40 p.m. | 4686 views

CVE-2021-40438

CVE-2021-40438 is an SSRF flaw in Apache HTTP Server 2.4.x through older revisions where a crafted request URI path can cause mod_proxy to forward the request to an origin server chosen by the remote user. The issue affects Apache httpd 2.4.48 and earlier; the CVSSv3.1 base score is 9.0 (CRITICAL...

CVSS 9 | AI score 9.5 | EPSS 0.94432
In wild | Exploits: 5 | References: 20 | Affected Software: 1
Cvelist
added 2021/09/16 2:40 p.m. | 96 views

CVE-2021-40438 mod_proxy SSRF

A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...

AI score 9.5 | EPSS 0.94432
Exploits: 5 | References: 19
Debian CVE
added 2021/09/16 2:40 p.m. | 121 views

CVE-2021-40438

A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...

CVSS 9 | AI score 7.5 | EPSS 0.94432
Exploits: 5
FreeBSD
added 2021/09/16 12:0 a.m. | 99 views

Apache httpd -- multiple vulnerabilities

The Apache project reports: moderate: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193); moderate: NULL pointer dereference in httpd core (CVE-2021-34798); moderate: mod_proxy_uwsgi out of bound read (CVE-2021-36160); low: ap_escape_quotes buffer overflow (CVE-2021-39275); high: mod_prox...

CVSS 9.8 | AI score 2 | EPSS 0.94432
Exploits: 6 | References: 1
CNNVD
added 2021/09/16 12:0 a.m. | 5 views

Apache HTTP Server Code Issue Vulnerability

Apache HTTP Server is an open source web server from the Apache Foundation. Apache HTTP Server in version 2.4.48 and earlier is vulnerable to server-side request forgery, which stems from a failure of the mod_proxy module to properly validate user input and can be exploited to forward requests to ...

CVSS 9 | AI score 7.5 | EPSS 0.94432
Exploits: 5 | References: 64
Apache Httpd
added 2021/09/16 12:0 a.m. | 307 views

Apache Httpd < 2.4.49 : mod_proxy SSRF

A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...

CVSS 9 | AI score 1.5 | EPSS 0.94432
Exploits: 5
ATTACKERKB
added 2021/09/16 12:0 a.m. | 527 views

CVE-2021-40438

A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. Recent assessments: gwillcox-r7 at November 29, 2021 4:33pm UTC reported: This is an interesting bug that allows one to...

CVSS 9 | AI score 9.2 | EPSS 0.94432
In wild | Exploits: 5 | References: 29