Lucene search
K

43 matches found

RedhatCVE
RedhatCVE
added 2026/06/12 2:35 p.m.11 views

CVE-2026-29170

A flaw was found in Apache HTTP Server, specifically within the modproxyftp module. This cross-site scripting XSS vulnerability occurs during the generation of HTML directory lists when the server is configured to list FTP directory contents via either a forward or reverse proxy. An attacker coul...

6.1CVSS5AI score0.00504EPSS
Exploits0References4
OSV
OSV
added 2026/06/10 8:39 a.m.8 views

BIT-APACHE-2026-44186 Apache HTTP Server: Loop in `proxy_ftp_handler` in mod_proxy_ftp

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in the modproxyftp module in Apache HTTP Server with an attacker controlled backend FTP server. This issue affects undefined: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

7.3CVSS5.4AI score0.00562EPSS
Exploits0References3
OSV
OSV
added 2026/06/10 8:39 a.m.6 views

BIT-APACHE-2026-29170 Apache HTTP Server: mod_proxy_ftp XSS

A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

6.1CVSS5.1AI score0.00504EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:29 a.m.9 views

SUSE CVE-2026-29170

A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

5.4CVSS5.1AI score0.00504EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.17 views

Linux Distros Unpatched Vulnerability : CVE-2026-29170

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory...

6.1CVSS5.2AI score0.00504EPSS
Exploits0References4
OSV
OSV
added 2026/06/08 4:16 p.m.4 views

UBUNTU-CVE-2026-29170

A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

6.1CVSS5.1AI score0.00504EPSS
Exploits0References5
CVE
CVE
added 2026/06/08 3:11 p.m.134 views

CVE-2026-44186

CVE-2026-44186 affects Apache HTTP Server (mod_proxy_ftp). A loop with an unreachable exit condition can occur when handling an attacker-controlled backend FTP server, impacting 2.4.0 through 2.4.67. The issue’s remediation is to upgrade to Apache HTTP Server 2.4.68 or later. The provided connect...

7.3CVSS5.4AI score0.00562EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/08 3:11 p.m.111 views

CVE-2026-44186 Apache HTTP Server: Loop in `proxy_ftp_handler` in mod_proxy_ftp

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in the modproxyftp module in Apache HTTP Server with an attacker controlled backend FTP server. This issue affects undefined: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

0.00562EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/08 3:10 p.m.52 views

CVE-2026-29170

A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

6.1CVSS5.1AI score0.00504EPSS
Exploits0
CVE
CVE
added 2026/06/08 3:10 p.m.83 views

CVE-2026-29170

CVE-2026-29170 describes a cross-site scripting (XSS) vulnerability in Apache HTTP Server 2.4.67 and earlier, affecting mod_proxy_ftp during HTML directory list generation when listing FTP directory contents via forward or reverse proxy configurations. The vulnerability arises in the HTML directo...

6.1CVSS5.2AI score0.00504EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/08 3:10 p.m.9 views

CVE-2026-29170

A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

6.1CVSS5.2AI score0.00504EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.18 views

PT-2026-47314

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.4.68 Description A cross-site scripting issue exists in the HTML directory list generation of mod proxy ftp when listing FTP directory contents through forward or reverse proxy configurations...

9.8CVSS5.2AI score0.99957EPSS
Exploits24References114
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.8 views

Apache HTTP Server 安全漏洞

Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. There is a bug in Apache HTTP Server involving infinite loops; however, detailed information...

7.3CVSS5.8AI score0.00562EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.10 views

Apache HTTP Server 跨站脚本漏洞

Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. Versions of Apache HTTP Server 2.4.67 and earlier had a cross-site scripting vulnerability. Thi...

6.1CVSS4.9AI score0.00504EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.7 views

MiracleLinux 3 : httpd-2.2.3-31.2.1AXS3 (AXSA:2009-424:03)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2009-424:03 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. Security bugs fixed with this release: CVE-2009-3094 The approxyftphandle...

9.8CVSS7.6AI score0.87264EPSS
Exploits16References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:2 a.m.4 views

SUSE CVE-2009-3094

The approxyftphandler function in modules/proxy/proxyftp.c in the modproxyftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service NULL pointer dereference and child process crash via a malformed reply to an EPSV command...

2.6CVSS8.7AI score0.08566EPSS
Exploits2References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:45 a.m.6 views

SUSE CVE-2012-3499

Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the 1 modimagemap, 2 modinfo, 3 modldap, 4 modproxyftp, and 5...

4.3CVSS7.9AI score0.22913EPSS
Exploits2References7
OSV
OSV
added 2020/08/24 12:6 p.m.6 views

SUSE-SU-2020:14460-1 Security update for squid3

This update for squid3 fixes the following issues: - Fixed a Cache Poisoning and Request Smuggling attack CVE-2020-15049, bsc1173455 - Fixed incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses CVE-2019-12519,...

9.9CVSS9.2AI score0.74477EPSS
Exploits1References39
OSV
OSV
added 2020/04/21 8:5 a.m.33 views

SUSE-SU-2020:14342-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2020-1934: modproxyftp may use uninitialized memory when proxying to a malicious FTP server bsc1168404. - CVE-2020-1938: modproxyajp: Add 'secret' parameter to proxy workers to implement legacy AJP13 authentication bsc1169066...

9.8CVSS7.7AI score0.9927EPSS
Exploits45References5
OSV
OSV
added 2020/04/01 8:15 p.m.5 views

ALPINE-CVE-2020-1934

In Apache HTTP Server 2.4.0 to 2.4.41, modproxyftp may use uninitialized memory when proxying to a malicious FTP server...

5.3CVSS7AI score0.51951EPSS
Exploits0References1
Rows per page
Query Builder