EUVD-2019-7905

Malware in sbrugna...

K000133522: Apache mod_proxy_wstunnel vulnerability CVE-2019-17567

Security Advisory Description Apache HTTP Server versions 2.4.6 to 2.4.46 modproxywstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no...

CBL Mariner 2.0 Security Update: httpd (CVE-2019-17567)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-17567 advisory. - Apache HTTP Server versions 2.4.6 to 2.4.46 modproxywstunnel configured on an URL that is not necessarily...

SUSE CVE-2019-17567

Apache HTTP Server versions 2.4.6 to 2.4.46 modproxywstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authenticati...

httpd: mod_proxy_wstunnel tunneling of non Upgraded connection

A flaw was found in Apache httpd. The modproxywstunnel module tunnels non-upgraded connections...

Amazon Linux AMI : httpd24 (ALAS-2021-1514)

The version of httpd24 installed on the remote host is prior to 2.4.48-1.92. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1514 advisory. A flaw was found in Apache httpd. The modproxywstunnel module tunnels non-upgraded connections. CVE-2019-17567 A flaw w...

FreeBSD : Apache httpd -- Multiple vulnerabilities (cce76eca-ca16-11eb-9b84-d4c9ef517024)

The Apache httpd reports : - moderate: modproxywstunnel tunneling of non Upgraded connections CVE-2019-17567 - moderate: Improper Handling of Insufficient Privileges CVE-2020-13938 - low: modproxyhttp NULL pointer dereference CVE-2020-13950 - low: modauthdigest possible stack overflow by one nul...

Amazon Linux 2 : httpd (ALAS-2021-1659)

The version of httpd installed on the remote host is prior to 2.4.48-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1659 advisory. A flaw was found in Apache httpd. The modproxywstunnel module tunnels non-upgraded connections. CVE-2019-17567 Apache HTTP...

MGASA-2021-0265 Updated apache packages fix security vulnerabilities

modproxywstunnel tunneling of non Upgraded connections: Apache HTTP Server versions 2.4.6 to 2.4.46 modproxywstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connecti...

CVE-2019-17567

Apache HTTP Server versions 2.4.6 to 2.4.46 modproxywstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authenticati...

CVE-2019-17567

Apache HTTP Server versions 2.4.6 to 2.4.46 modproxywstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authenticati...

Authentication flaw

Apache HTTP Server versions 2.4.6 to 2.4.46 modproxywstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authenticati...

CVE-2019-17567

CVE-2019-17567 affects Apache HTTP Server 2.4.x where mod_proxy_wstunnel on a URL not guaranteed to be upgraded by the origin server tunnels the entire connection, allowing subsequent requests on the same TCP connection to bypass HTTP validation, authentication, or authorization. Public reference...

CVE-2019-17567

Apache HTTP Server versions 2.4.6 to 2.4.46 modproxywstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authenticati...

CVE-2019-17567 mod_proxy_wstunnel tunneling of non Upgraded connections

Apache HTTP Server versions 2.4.6 to 2.4.46 modproxywstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authenticati...

Apache HTTP Server 2.4.6 - 2.4.46 Tunneling Misconfiguration Vulnerability - Linux

Apache HTTP Server is prone to a tunneling misconfiguration vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...

Apache HTTP Server 2.4.6 - 2.4.46 Tunneling Misconfiguration Vulnerability - Windows

Apache HTTP Server is prone to a tunneling misconfiguration vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...

CVE-2019-17567

A flaw was found in Apache httpd. The modproxywstunnel module tunnels non-upgraded connections. Mitigation Only configurations which use modproxywstunnel are affected by this flaw. It is also safe to comment-out the "LoadModule proxywstunnelmodule ... " line in...

Unspecified Vulnerability in Apache HTTP Server (CNVD-2021-44766)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server has a security vulnerability in modproxywstunnel, modproxyhttp, no details of the vulnerability are provided at...

Apache HTTP Server 环境问题漏洞

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server has a security vulnerability in modproxywstunnel, modproxyhttp, no details of the vulnerability are provided at...