Lucene search
K

66 matches found

Debian CVE
Debian CVE
added 2021/09/16 2:40 p.m.121 views

CVE-2021-40438

A crafted request uri-path can cause modproxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...

9CVSS7.5AI score0.99999EPSS
Exploits5
CVE
CVE
added 2021/09/16 2:40 p.m.4718 views

CVE-2021-40438

CVE-2021-40438 is an SSRF flaw in Apache HTTP Server 2.4.x through older revisions where a crafted request URI path can cause mod_proxy to forward the request to an origin server chosen by the remote user. The issue affects Apache httpd 2.4.48 and earlier; the CVSSv3.1 base score is 9.0 (CRITICAL...

9CVSS9.5AI score0.99999EPSS
In wildExploits5References20Affected Software1
Apache Httpd
Apache Httpd
added 2021/09/16 12:0 a.m.368 views

Apache Httpd < 2.4.49 : mod_proxy SSRF

A crafted request uri-path can cause modproxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...

9CVSS1.5AI score0.99999EPSS
Exploits5
OSV
OSV
added 2021/06/10 7:15 a.m.48 views

CVE-2021-26691

In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow...

9.8CVSS6.8AI score
Exploits0References13
OSV
OSV
added 2021/06/10 7:15 a.m.6 views

AZL-6477 CVE-2021-26691 affecting package httpd for versions less than 2.4.46-10

In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow...

9.8CVSS7.2AI score0.68067EPSS
Exploits0References1
OSV
OSV
added 2021/06/10 7:15 a.m.2 views

DEBIAN-CVE-2021-26691

In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow...

9.8CVSS8.2AI score0.68067EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2021/06/10 7:15 a.m.304 views

CVE-2019-17567

Apache HTTP Server versions 2.4.6 to 2.4.46 modproxywstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authenticati...

5.3CVSS6.8AI score0.60266EPSS
Exploits0References4
OSV
OSV
added 2021/06/10 7:15 a.m.2 views

UBUNTU-CVE-2021-26691

In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow...

9.8CVSS7.2AI score0.68067EPSS
Exploits0References7
Cvelist
Cvelist
added 2021/06/10 7:10 a.m.238 views

CVE-2021-26691 Apache HTTP Server mod_session response handling heap overflow

In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow...

9.7AI score0.68067EPSS
Exploits0References13
Hacker One
Hacker One
added 2021/02/17 3:36 p.m.45 views

CS Money: Origin IP found, Cloudflare bypassed

Greetings!, Hope Y'all good and fine. Summary: I would like to report another vulnerability very Similar to my other report in 975991 Due to lack of secure design, I was able to find the origin IPs behind Cloludflare WAF. The IPs I found belong to : 3d.cs.money Description: I was able to find and...

0.1AI score
Exploits0
OSV
OSV
added 2019/11/19 4:15 p.m.2 views

DEBIAN-CVE-2011-4968

nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack MITM...

4.8CVSS5.1AI score0.03989EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2019/11/19 4:15 p.m.29 views

CVE-2011-4968

nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack MITM...

5.8CVSS5.9AI score0.03989EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2019/11/19 3:18 p.m.40 views

CVE-2011-4968

nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack MITM...

5.8CVSS5AI score0.03989EPSS
Exploits1
The Hacker News
The Hacker News
added 2019/10/23 8:22 a.m.107 views

New Cache Poisoning Attack Lets Attackers Target CDN Protected Sites

A team of German cybersecurity researchers has discovered a new cache poisoning attack against web caching systems that could be used by an attacker to force a targeted website into delivering error pages to most of its visitors instead of legitimate content or resources. The issue could affect...

7.5CVSS8.5AI score0.03041EPSS
Exploits0
Hacker One
Hacker One
added 2019/09/29 5:13 p.m.39 views

People Interactive: Origin IP found, Cloudflare bypassed

The vulnerability allowed non-Cloudflare IP addresses to access the origin servers, bypassing Cloudflare's protection and potentially exposing the servers to unfiltered attacks and data retrieval...

7AI score
Exploits0
Hacker One
Hacker One
added 2018/02/17 1:29 a.m.106 views

GSA Bounty: Subdomain Takeover due to unclaimed domain pointing to AWS

Note: I know this is on an out of scope domain, however felt it should still be raised as it was the only subdomain of data.gov to be vulnerable. Issue Details The consultant identified that subdomain https://18f.domains.api.data.gov/ is pointing to dn9rrjaiux2m0.cloudfront.net via a DNS CNAME...

Exploits0
RedhatCVE
RedhatCVE
added 2016/05/09 9:18 a.m.31 views

CVE-2016-4554

An input validation flaw was found in Squid's mimegetheaderfield function, which is used to search for headers within HTTP requests. An attacker could send an HTTP request from the client side with specially crafted header Host header that bypasses same-origin security protections, causing Squid...

5CVSS0.6AI score0.38893EPSS
Exploits0References2
Akamai Blog
Akamai Blog
added 2016/02/12 9:8 p.m.12 views

Redirecting On the Edge

On the web, every second counts. Service engineers and operations teams are looking for ways to save milliseconds from web pages' load times. One of the simpler ways to squeeze better performance from web pages already using a Content Delivery Network CDN is to move the redirection responses from...

2.6AI score
Exploits0
NVD
NVD
added 2011/07/07 9:55 p.m.22 views

CVE-2011-1498

Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header...

4.3CVSS8.7AI score0.06685EPSS
Exploits0References14
OSV
OSV
added 2011/07/07 9:55 p.m.1 views

DEBIAN-CVE-2011-1498

Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header...

4.3CVSS9AI score0.06685EPSS
Exploits0References1
Rows per page
Query Builder