719 matches found

Veracode
added 2020/04/10 12:15 a.m. | 30 views

Denial Of Service (DoS)

httpd is vulnerable to denial of service. A flaw was found in the Apache HTTP Server mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a...

5 CVSS | 2.1 AI score | 0.23276 EPSS
Exploits 0 | References 112 | Affected Software 1

RedhatCVE
added 2020/04/07 4:56 a.m. | 67 views

CVE-2019-10092

A cross-site scripting vulnerability was found in Apache httpd, affecting the mod_proxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation. Mitigation This flaw is only exploitable ...

6.1 CVSS | 0.5 AI score | 0.82379 EPSS
Exploits 4 | References 4

Tenable Nessus
added 2020/04/02 12:0 a.m. | 58 views

EulerOS Virtualization for ARM 64 3.0.6.0 : httpd (EulerOS-SA-2020-1370)

According to the versions of the httpd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential...

6.1 CVSS | 6.2 AI score | 0.82379 EPSS
Exploits 5 | References 3

OpenVAS
added 2020/04/01 12:0 a.m. | 250 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2020-1370)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1 CVSS | 7.5 AI score | 0.82379 EPSS
Exploits 5 | References 2

IBM Security Bulletins
added 2020/02/07 2:2 a.m. | 51 views

Security Bulletin: Aspera Web Applications (Faspex, Console, Shares) are affected by Apache Vulnerabilities (CVE-2019-10081, CVE-2019-10082, CVE-2019-10092, CVE-2019-10098), )

Summary Aspera Web Applications Faspex, Console, Shares have addressed the following Apache vulnerabilities. Vulnerability Details CVEID: CVE-2019-10081 DESCRIPTION: HTTP/2 2.4.20 through 2.4.39 very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory ...

9.1 CVSS | 0.3 AI score | 0.82379 EPSS
Exploits 6 | Affected Software 1

OpenVAS
added 2020/01/23 12:0 a.m. | 32 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-2691)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1 CVSS | 7.5 AI score | 0.82379 EPSS
Exploits 5 | References 2

Tenable Nessus
added 2019/12/23 12:0 a.m. | 61 views

EulerOS 2.0 SP5 : httpd (EulerOS-SA-2019-2691)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause...

6.1 CVSS | 6.2 AI score | 0.82379 EPSS
Exploits 5 | References 3

GithubExploit
added 2019/12/18 2:15 p.m. | 4444 views

Exploit for Cross-site Scripting in Apache Http_Server

CVE-2019-10092 Docker - Apache HTTP Server Using $ d...

6.1 CVSS | 6.4 AI score | 0.82379 EPSS
Exploits 4

RedHat Linux
added 2019/12/10 7:59 a.m. | 134 views

Moderate: Red Hat Security Advisory: httpd24-httpd security, bug fix, and enhancement update

An update for httpd24, httpd24-httpd, and httpd24-nghttp2 is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.5 CVSS | 6.8 AI score | 0.82379 EPSS
Exploits 4 | References 14

BDU FSTEC
added 2019/12/03 12:0 a.m. | 0 views

The vulnerability of the mod_proxy module in the Apache HTTP Server allows a hacker to redirect users to a malicious website through a specially crafted web page.

The vulnerability of the mod_proxy module in the Apache HTTP Server is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to redirect users to a malicious website using a specially crafted web page...

6.1 CVSS | 0.82379 EPSS
Exploits 4 | References 14 | Affected Software 10

0day.today
added 2019/11/19 12:0 a.m. | 3209 views

Apache Httpd mod_proxy - Error Page Cross-Site Scripting Vulnerability

Exploit for multiple platform in category web applications The trick is to use a vertical tab %09 and then place another URL in the tag. So once a victim clicks the link on the error page, she will go somewhere else. As you can see, the browser changes the destination from relative / to an absolu...

4.3 CVSS | 0.82379 EPSS
Exploits 4

Tenable Nessus
added 2019/10/31 12:0 a.m. | 78 views

Amazon Linux 2 : httpd (ALAS-2019-1341)

A cross-site scripting vulnerability was found in Apache httpd, affecting the mod_proxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation. CVE-2019-10092 A vulnerability was...

7.2 CVSS | 6.2 AI score | 0.82379 EPSS
Exploits 5 | References 4

Tenable Nessus
added 2019/10/28 12:0 a.m. | 54 views

Amazon Linux AMI : httpd24 (ALAS-2019-1311) (Internal Data Buffering)

A vulnerability was found in Apache httpd, in mod_http2. Under certain circumstances, HTTP/2 early pushes could lead to memory corruption, causing a server to crash. CVE-2019-10081 A read-after-free vulnerability was discovered in Apache httpd, in mod_http2. A specially crafted http/2 client session...

9.1 CVSS | 6.2 AI score | 0.82379 EPSS
Exploits 6 | References 7

OpenVAS
added 2019/10/18 12:0 a.m. | 55 views

Apache HTTP Server 2.4.0 - 2.4.40 Multiple Vulnerabilities - Linux

Apache HTTP Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:httpserver"; if...

6.1 CVSS | 7.5 AI score | 0.82379 EPSS
Exploits 5 | References 1

OpenVAS
added 2019/10/18 12:0 a.m. | 96 views

Apache HTTP Server 2.4.0 - 2.4.40 Multiple Vulnerabilities - Windows

Apache HTTP Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:httpserver"; if...

6.1 CVSS | 7.5 AI score | 0.82379 EPSS
Exploits 5 | References 1

Exploit DB
added 2019/10/14 12:0 a.m. | 1670 views

Apache Httpd mod_proxy - Error Page Cross-Site Scripting

The trick is to use a vertical tab %09 and then place another URL in the tag. So once a victim clicks the link on the error page, she will go somewhere else. As you can see, the browser changes the destination from relative / to an absolute url https://enoflag.de. The exploit is...

7.4 AI score
Exploits 0

exploitpack
added 2019/10/14 12:0 a.m. | 18 views

Apache Httpd mod_proxy - Error Page Cross-Site Scripting

Apache Httpd mod_proxy - Error Page Cross-Site Scripting The trick is to use a vertical tab %09 and then place another URL in the tag. So once a victim clicks the link on the error page, she will go somewhere else. As you can see, the browser changes the destination from relative / to an absolute...

Exploits 0

IBM Security Bulletins
added 2019/10/09 2:48 p.m. | 63 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server affect IBM Security Access Manager for Enterprise Single Sign-On

Summary These issues were also addressed by IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On. Vulnerability Details CVEID: CVE-2018-20843 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by an error in the XML parser. By...

7.8 CVSS | 0.5 AI score | 0.82379 EPSS
Exploits 6 | Affected Software 1

NVD
added 2019/09/26 4:15 p.m. | 25 views

CVE-2019-10092

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with...

6.1 CVSS | 6.1 AI score | 0.82379 EPSS
Exploits 4 | References 34

Prion
added 2019/09/26 4:15 p.m. | 25 views

Cross site scripting

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with...

4.3 CVSS | 6.9 AI score | 0.82379 EPSS
Exploits 4 | References 34 | Affected Software 10