CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

155 matches found

RedHat Linux•added 2024/07/23 8:57 a.m.•2 views

httpd: Encoding problem in mod_proxy

A flaw was found in the modproxy module of httpd. Due to an encoding problem, specially crafted request URLs with incorrect encoding can be sent to backend services, potentially bypassing authentication...

8.1CVSS7.1AI score0.88359EPSS

Exploits1References5

Positive Technologies•added 2024/04/01 12:0 a.m.•7 views

PT-2024-4677

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.59 and earlier Description: A null pointer dereference in the mod proxy module of Apache HTTP Server allows an attacker to crash the server via a malicious request. This issue can be exploited by a remote...

7.8CVSS6.7AI score0.01924EPSS

Exploits0References168

RedHat Linux•added 2023/08/15 5:43 p.m.•3 views

httpd: mod_proxy_ajp: Possible request smuggling

A flaw was found in the modproxyajp module of httpd. The connection is not closed when there is an invalid Transfer-Encoding header, allowing an attacker to smuggle requests to the AJP server, where it forwards requests...

9CVSS7.1AI score0.0031EPSS

Exploits0References5

RedHat Linux•added 2023/05/24 8:59 a.m.•6 views

httpd: HTTP request splitting with mod_rewrite and mod_proxy

A vulnerability was found in httpd. This security issue occurs when some modproxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern...

9.8CVSS6.6AI score0.67011EPSS

Exploits5References5

OSV•added 2023/03/16 9:5 p.m.•2 views

CLSA-2023-1679000716 httpd: Fix of 2 CVEs

CVE-2023-25690: HTTP request splitting with modrewrite and modproxy - CVE-2023-27522: modproxyuwsgi: HTTP response splitting...

9.8CVSS6.8AI score0.67011EPSS

Exploits5References1

Vulnrichment•added 2023/03/07 3:9 p.m.•5 views

CVE-2023-25690 Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy

Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...

6.5AI score0.67011EPSS

Exploits5References4

OSV•added 2023/03/06 8:51 p.m.•2 views

CLSA-2023-1678135884 httpd: Fix of 2 CVEs

CVE-2022-37436: modproxy: HTTP response splitting - CVE-2006-20001: moddav: out-of-bounds read/write...

7.5CVSS6.8AI score0.00539EPSS

Exploits0References1

RedHat Linux•added 2023/02/28 8:28 a.m.•2 views

httpd: mod_proxy_ajp: Possible request smuggling

9CVSS7.1AI score0.0031EPSS

Exploits0References5

RedHat Linux•added 2023/02/28 8:28 a.m.•2 views

httpd: mod_proxy: HTTP response splitting

A flaw was found in the modproxy module of httpd. A malicious backend can cause the response headers to be truncated because they are not cleaned when an error is found while reading them, resulting in some headers being incorporated into the response body and not being interpreted by a client...

5.3CVSS7AI score0.00539EPSS

Exploits0References5

RedHat Linux•added 2023/02/21 9:35 a.m.•1 views

httpd: mod_proxy_ajp: Possible request smuggling

9CVSS7.1AI score0.0031EPSS

Exploits0References5

SUSE CVE•added 2023/02/15 6:7 a.m.•1 views

SUSE CVE-2008-2939

Cross-site scripting XSS vulnerability in proxyftp.c in the modproxyftp module in Apache 2.0.63 and earlier, and modproxyftp.c in the modproxyftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory...

4.3CVSS5.9AI score0.6456EPSS

Exploits4References6

SUSE CVE•added 2023/02/15 6:2 a.m.•1 views

SUSE CVE-2009-3095

The modproxyftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pa...

5CVSS9.2AI score0.03845EPSS

Exploits2References4

SUSE CVE•added 2023/02/15 5:50 a.m.•8 views

SUSE CVE-2011-3639

The modproxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to...

4.3CVSS6.9AI score0.09764EPSS

Exploits12References4

SUSE CVE•added 2023/02/15 5:49 a.m.•1 views

SUSE CVE-2011-4968

nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack MITM...

5.8CVSS6.9AI score0.00391EPSS

Exploits1References3

SUSE CVE•added 2023/02/15 5:39 a.m.•3 views

SUSE CVE-2013-2070

http/modules/ngxhttpproxymodule.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxypass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service crash and obtain sensitive information from worker process memory via a crafted proxy response, a simila...

5.8CVSS6.7AI score0.06821EPSS

Exploits17References3

SUSE CVE•added 2023/02/15 3:27 a.m.•4 views

SUSE CVE-2022-26377

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions...

7.4CVSS8.6AI score0.32376EPSS

Exploits1References9