43 matches found
CVE-2026-29170
A flaw was found in Apache HTTP Server, specifically within the modproxyftp module. This cross-site scripting XSS vulnerability occurs during the generation of HTML directory lists when the server is configured to list FTP directory contents via either a forward or reverse proxy. An attacker coul...
BIT-APACHE-2026-44186 Apache HTTP Server: Loop in `proxy_ftp_handler` in mod_proxy_ftp
Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in the modproxyftp module in Apache HTTP Server with an attacker controlled backend FTP server. This issue affects undefined: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...
BIT-APACHE-2026-29170 Apache HTTP Server: mod_proxy_ftp XSS
A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue...
SUSE CVE-2026-29170
A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue...
Linux Distros Unpatched Vulnerability : CVE-2026-29170
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory...
UBUNTU-CVE-2026-29170
A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue...
CVE-2026-44186
CVE-2026-44186 affects Apache HTTP Server (mod_proxy_ftp). A loop with an unreachable exit condition can occur when handling an attacker-controlled backend FTP server, impacting 2.4.0 through 2.4.67. The issue’s remediation is to upgrade to Apache HTTP Server 2.4.68 or later. The provided connect...
CVE-2026-44186 Apache HTTP Server: Loop in `proxy_ftp_handler` in mod_proxy_ftp
Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in the modproxyftp module in Apache HTTP Server with an attacker controlled backend FTP server. This issue affects undefined: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...
CVE-2026-29170
A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue...
CVE-2026-29170
CVE-2026-29170 describes a cross-site scripting (XSS) vulnerability in Apache HTTP Server 2.4.67 and earlier, affecting mod_proxy_ftp during HTML directory list generation when listing FTP directory contents via forward or reverse proxy configurations. The vulnerability arises in the HTML directo...
CVE-2026-29170
A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue...
PT-2026-47314
Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.4.68 Description A cross-site scripting issue exists in the HTML directory list generation of mod proxy ftp when listing FTP directory contents through forward or reverse proxy configurations...
Apache HTTP Server 安全漏洞
Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. There is a bug in Apache HTTP Server involving infinite loops; however, detailed information...
Apache HTTP Server 跨站脚本漏洞
Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. Versions of Apache HTTP Server 2.4.67 and earlier had a cross-site scripting vulnerability. Thi...
MiracleLinux 3 : httpd-2.2.3-31.2.1AXS3 (AXSA:2009-424:03)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2009-424:03 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. Security bugs fixed with this release: CVE-2009-3094 The approxyftphandle...
SUSE CVE-2009-3094
The approxyftphandler function in modules/proxy/proxyftp.c in the modproxyftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service NULL pointer dereference and child process crash via a malformed reply to an EPSV command...
SUSE CVE-2012-3499
Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the 1 modimagemap, 2 modinfo, 3 modldap, 4 modproxyftp, and 5...
SUSE-SU-2020:14460-1 Security update for squid3
This update for squid3 fixes the following issues: - Fixed a Cache Poisoning and Request Smuggling attack CVE-2020-15049, bsc1173455 - Fixed incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses CVE-2019-12519,...
SUSE-SU-2020:14342-1 Security update for apache2
This update for apache2 fixes the following issues: - CVE-2020-1934: modproxyftp may use uninitialized memory when proxying to a malicious FTP server bsc1168404. - CVE-2020-1938: modproxyajp: Add 'secret' parameter to proxy workers to implement legacy AJP13 authentication bsc1169066...
ALPINE-CVE-2020-1934
In Apache HTTP Server 2.4.0 to 2.4.41, modproxyftp may use uninitialized memory when proxying to a malicious FTP server...