Lucene search
K

513 matches found

RedHat Linux
RedHat Linux
added 2024/08/06 8:17 a.m.5 views

httpd: Potential SSRF in mod_rewrite

A flaw was found in the modrewrite module of httpd. A potential SSRF allows an attacker to cause unsafe rules used in the RewriteRule directive to unexpectedly set up URLs to be handled by the modproxy module...

7.5CVSS7AI score0.35447EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/08/06 8:17 a.m.50 views

Moderate: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

8.1CVSS6.7AI score0.35447EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2024/08/06 12:0 a.m.41 views

RHEL 9 : httpd (RHSA-2024:5001)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:5001 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Encoding problem...

8.1CVSS7.2AI score0.35447EPSS
Exploits1References7
Redos
Redos
added 2024/08/02 12:0 a.m.43 views

ROS-20240801-01

A vulnerability in the modrewrite function of Apache HTTP Server is related to access control weaknesses. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

9.1CVSS8AI score0.99957EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2024/07/31 2:59 p.m.5 views

httpd: Improper escaping of output in mod_rewrite

A flaw was found in the modrewrite module of httpd. Improper escaping of output allows an attacker to map URLs to filesystem locations permitted to be served by the server but are not intentionally or directly reachable by any URL. This issue results in code execution or source code disclosure...

9.1CVSS7.4AI score0.99957EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/07/31 10:23 a.m.59 views

Important: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

9.8CVSS7.2AI score0.99957EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2024/07/31 12:0 a.m.38 views

SUSE: Security Advisory (SUSE-SU-2024:2624-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8AI score0.99957EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2024/07/31 12:0 a.m.36 views

RHEL 7 : httpd (RHSA-2024:4938)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4938 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Substitution...

9.8CVSS8.2AI score0.99957EPSS
Exploits1References8
OSV
OSV
added 2024/07/30 7:4 a.m.35 views

SUSE-SU-2024:2624-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2024-38475: Fixed improper escaping of output in modrewrite bsc1227268 - CVE-2024-38476: Fixed server may use exploitable/malicious backend application output to run local handlers via internal redirect bsc1227269 - CVE-2024-38477: Fixed...

9.8CVSS7.6AI score0.99957EPSS
Exploits1References9
Redos
Redos
added 2024/07/29 12:0 a.m.44 views

ROS-20240729-17

Vulnerability in modrewrite module of Apache HTTP Server is related to insufficient checking of incoming requests. of incoming requests. Exploitation of the vulnerability could allow a remote attacker, gain unauthorized access to the device by forging requests on behalf of the server...

9.1CVSS6.8AI score0.01536EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2024/07/27 12:0 a.m.44 views

CBL Mariner 2.0 Security Update: httpd (CVE-2024-40898)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-40898 advisory. - SSRF in Apache HTTP Server on Windows with modrewrite in server/vhost context, allows to potentially leak NTM...

9.1CVSS6.8AI score0.01536EPSS
Exploits5References2
OSV
OSV
added 2024/07/26 2:26 p.m.8 views

CLSA-2024-1722003981 httpd: Fix of 5 CVEs

CVE-2024-38474: modrewrite: server weakness with encoded question marks in backreferences - CVE-2024-38475: modrewrite: server weakness in modrewrite when first segment of substitution matches filesystem path - CVE-2024-38477: modproxy: crash resulting in Denial of Service in modproxy via a...

9.8CVSS7AI score0.99957EPSS
Exploits1References1
Rockylinux
Rockylinux
added 2024/07/26 12:33 p.m.72 views

httpd security update

An update is available for httpd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd packages provide the Apache HTTP Server, a powerful, efficient, and...

9.8CVSS7AI score0.99957EPSS
Exploits2
OSV
OSV
added 2024/07/26 12:33 p.m.45 views

RLSA-2024:4726 Important: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Improper escaping of output in modrewrite CVE-2024-38475 httpd: Substitution encoding issue in modrewrite CVE-2024-38474 httpd: null pointer dereference in modproxy...

9.1CVSS8AI score0.99957EPSS
Exploits2References6
Tenable Nessus
Tenable Nessus
added 2024/07/26 12:0 a.m.99 views

Rocky Linux 9 : httpd (RLSA-2024:4726)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:4726 advisory. httpd: Improper escaping of output in modrewrite CVE-2024-38475 httpd: Substitution encoding issue in modrewrite CVE-2024-38474 httpd: null pointer...

9.8CVSS7.6AI score0.99957EPSS
Exploits2References11
RedHat Linux
RedHat Linux
added 2024/07/25 8:41 a.m.36 views

Important: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

9.8CVSS7.2AI score0.99957EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2024/07/25 8:34 a.m.4 views

httpd: Substitution encoding issue in mod_rewrite

A flaw was found in the modrewrite module of httpd. Due to a substitution encoding issue, specially crafted requests may allow an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be execut...

9.8CVSS7.1AI score0.02456EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/07/25 8:34 a.m.4 views

httpd: Improper escaping of output in mod_rewrite

A flaw was found in the modrewrite module of httpd. Improper escaping of output allows an attacker to map URLs to filesystem locations permitted to be served by the server but are not intentionally or directly reachable by any URL. This issue results in code execution or source code disclosure...

9.1CVSS7.4AI score0.99957EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/07/25 8:34 a.m.42 views

Important: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.8CVSS7.2AI score0.99957EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2024/07/25 12:0 a.m.42 views

SUSE SLED15: apache2 / apache2-devel / apache2-event / apache2-manual / etc (SUSE-SU-2024:2597-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2597-1 advisory. - CVE-2024-36387: Fixed DoS by null pointer in websocket over HTTP/2 bsc1227272 - CVE-2024-38475...

9.8CVSS7.1AI score0.99957EPSS
Exploits1References10
Rows per page
Query Builder