103 matches found
httpd: mod_proxy: HTTP response splitting
A flaw was found in the modproxy module of httpd. A malicious backend can cause the response headers to be truncated because they are not cleaned when an error is found while reading them, resulting in some headers being incorporated into the response body and not being interpreted by a client...
httpd: mod_proxy_ajp: Possible request smuggling
A flaw was found in the modproxyajp module of httpd. The connection is not closed when there is an invalid Transfer-Encoding header, allowing an attacker to smuggle requests to the AJP server, where it forwards requests...
SUSE CVE-2022-26377
Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions...
Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting
...
Apache HTTP Server: mod_proxy_ajp Possible request smuggling
...
httpd: mod_proxy_ajp: Possible request smuggling
An HTTP request smuggling vulnerability was found in the modproxyajp module of httpd. This flaw allows an attacker to smuggle requests to the AJP server, where it forwards requests...
httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism
A flaw was found in the modproxy module of httpd. The server may remove the X-Forwarded- headers from a request based on the client-side Connection header hop-by-hop mechanism...
httpd: mod_proxy_ajp: Possible request smuggling
An HTTP request smuggling vulnerability was found in the modproxyajp module of httpd. This flaw allows an attacker to smuggle requests to the AJP server, where it forwards requests...
httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism
A flaw was found in the modproxy module of httpd. The server may remove the X-Forwarded- headers from a request based on the client-side Connection header hop-by-hop mechanism...
httpd: possible NULL dereference or SSRF in forward proxy configurations
There's a null pointer dereference and server-side request forgery flaw in httpd's modproxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the adjacent network to the forward proxy that could cause a crash, or potentially SSRF via misdirected Unix...
httpd: mod_proxy_ajp: Possible request smuggling
An HTTP request smuggling vulnerability was found in the modproxyajp module of httpd. This flaw allows an attacker to smuggle requests to the AJP server, where it forwards requests...
Authorization
NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to control when Authorization headers should should be forwarded for specific backend services configured by the application developer. This could have resulted in...
DEBIAN-CVE-2022-26377
Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions...
Apache HTTP Server 环境问题漏洞
Apache HTTP Server is an open source web server from the American Apache Apache Foundation. The server is fast, reliable, and extensible via a simple API. HTTP request smuggling vulnerability exists in Apache HTTP Server modproxyajp. An attacker could exploit this vulnerability to smuggle request...
httpd: Request splitting via HTTP/2 method injection and mod_proxy
A NULL pointer dereference was found in Apache httpd modh2. The highest threat from this flaw is to system integrity...
httpd: mod_proxy NULL pointer dereference
A flaw was found In Apache httpd. The modproxy has a NULL pointer dereference. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
httpd: mod_proxy NULL pointer dereference
A flaw was found In Apache httpd. The modproxy has a NULL pointer dereference. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:"
A Server-Side Request Forgery SSRF flaw was found in modproxy of httpd. This flaw allows a remote, unauthenticated attacker to make the httpd server forward requests to an arbitrary server. The attacker could get, modify, or delete resources on other services that may be behind a firewall and...
httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:"
A Server-Side Request Forgery SSRF flaw was found in modproxy of httpd. This flaw allows a remote, unauthenticated attacker to make the httpd server forward requests to an arbitrary server. The attacker could get, modify, or delete resources on other services that may be behind a firewall and...
httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:"
A Server-Side Request Forgery SSRF flaw was found in modproxy of httpd. This flaw allows a remote, unauthenticated attacker to make the httpd server forward requests to an arbitrary server. The attacker could get, modify, or delete resources on other services that may be behind a firewall and...