Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/06/25 7:28 p.m.7 views

CVE-2026-42055

A flaw was found in NGINX. When NGINX is configured to proxy HTTP/2 traffic using the ngxhttpproxyv2module or ngxhttpgrpcmodule with specific settings, a remote, unauthenticated attacker can send specially crafted large headers. This can trigger a heap-based buffer overflow, leading to a restart ...

9.2CVSS6.5AI score0.02838EPSS
Exploits1References4
CVE
CVE
added 2026/06/17 2:4 p.m.288 views

CVE-2026-42055

CVE-2026-42055 affects NGINX Plus and NGINX Open Source via the ngx_http_proxy_v2_module and ngx_http_grpc_module. A remote, unauthenticated attacker can exploit scenarios where proxy_http_version 2 or grpc_pass is used, ignore_invalid_headers is off, and large_client_header_buffers is set to mul...

9.2CVSS6AI score0.02838EPSS
Exploits1References5Affected Software9
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.5 views

MiracleLinux 8 : httpd:2.4 (AXSA:2025-10834:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10834:01 advisory. httpd: insufficient escaping of user-supplied data in modssl CVE-2024-47252 httpd: modssl: access control bypass by trusted clients is possible usi...

9.1CVSS7.9AI score0.01149EPSS
Exploits1References5
AstraLinux
AstraLinux
added 2025/11/01 10:54 a.m.4 views

Astra Linux – Vulnerability in Apache2

In certain proxy configurations, a denial-of-service attack against Apache HTTP Server versions 2.4.26 through 2.4.63 can occur when untrusted clients trigger an assertion in modproxyhttp2. The configurations affected include reverse proxies configured for HTTP/2 backends, where ProxyPreserveHost...

7.5CVSS7.1AI score0.01149EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/09/08 12:0 a.m.6 views

RockyLinux 8 : httpd:2.4 (RLSA-2025:15123)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:15123 advisory. httpd: insufficient escaping of user-supplied data in modssl CVE-2024-47252 httpd: modssl: access control bypass by trusted clients is possible using TL...

9.1CVSS7.7AI score0.01149EPSS
Exploits1References9
AlmaLinux
AlmaLinux
added 2025/09/02 12:0 a.m.9 views

Moderate: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: modproxyhttp2: untrusted input from a client causes an assertion to fail in the Apache modproxyhttp2 module CVE-2025-49630 For more details about the security...

7.5CVSS6.9AI score0.01149EPSS
Exploits0References4
Rows per page
Query Builder