EUVD-2007-6388

Malware in sbrugna...

EUVD-2022-6522

Malicious code in bioql PyPI...

SUSE CVE-2007-6422

The balancerhandler function in modproxybalancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service child process crash via an invalid bb variable...

Undertow vulnerable to Dos via Large AJP request

When a POST request comes through AJP and the request exceeds the max-post-size limit maxEntitySize, Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in that a front-end proxy marking the backend worker...

GHSA-95RF-557X-44G5 Undertow vulnerable to Dos via Large AJP request

When a POST request comes through AJP and the request exceeds the max-post-size limit maxEntitySize, Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in that a front-end proxy marking the backend worker...

CVE-2022-2053

When a POST request comes through AJP and the request exceeds the max-post-size limit maxEntitySize, Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in that a front-end proxy marking the backend worker...

Design/Logic Flaw

When a POST request comes through AJP and the request exceeds the max-post-size limit maxEntitySize, Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in that a front-end proxy marking the backend worker...

Apache HTTP Server DoS Vulnerability (Sep 2011) - Linux

Apache HTTP Server is prone to a denial of service DoS vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

Apache HTTP Server Multiple Vulnerabilities (Feb 2013) - Linux

Apache HTTP Server is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...

SUSE: Security Advisory (SUSE-SU-2013:0830-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Cross-Site Request Forgery (CSRF)

The modproxybalancer module in Apache HTTP server is vulnerable to cross-site request forgery CSRF. A remote attacker could cause a denial of service by exploiting the vulnerability if modproxybalancer is enabled and an authenticated user is targeted...

Denial Of Service (DoS)

https is vulnerable to denial of service. A flaw was found in the modproxybalancer module. On sites where modproxybalancer was enabled, an authorized user could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial o...

Cross-Site Scripting (XSS)

httpd is vulnerable to cross-site scripting XSS. A flaw was found in the modproxybalancer module. On sites where modproxybalancer was enabled, a cross-site scripting attack against an authorized user was possible...

Arbitrary Code Injection

The Apache HTTP Server is a popular web server. Cross-site scripting XSS flaws were found in the modproxybalancer module's manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitra...

Apache 2.4.x < 2.4.4 Multiple XSS Vulnerabilities

According to its banner, the version of Apache 2.4.x running on the remote host is prior to 2.4.4. It is, therefore, affected by the following cross-site scripting vulnerabilities : - Errors exist related to the modules modinfo, modstatus, modimagemap, modldap, and modproxyftp and unescaped...

CVE-2007-6423

Unspecified vulnerability in modproxybalancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue...

httpd security, bug fix, and enhancement update

2.2.15-45.0.1 - replace index.html with Oracle's index page oracleindex.html - update vstring in specfile 2.2.15-45 - modproxybalancer: add support for 'drain mode' N 767130 2.2.15-44 - set SSLCipherSuite to DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES 1086771 2.2.15-43 - revert DirectoryMatch patc...

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.1.1 update

Red Hat JBoss Enterprise Application Platform 6.1.1, which fixes multiple security issues, various bugs, and adds enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability...

httpd: XSS flaw in mod_proxy_balancer manager interface

Multiple cross-site scripting XSS vulnerabilities in the balancerhandler function in the manager interface in modproxybalancer.c in the modproxybalancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML vi...

Amazon Linux AMI : httpd24 (ALAS-2013-194)

Cross-site scripting XSS flaws were found in the modproxybalancer module's manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially crafted URL, it would lead to arbitrary web script execution in the context of the...