Lucene search
K

29 matches found

RedHat Linux
RedHat Linux
added 2026/07/01 9:31 a.m.4 views

httpd: Apache HTTP Server: Heap-based Buffer Overflow via malicious backend servers

A flaw was found in Apache HTTP Server. This heap-based buffer overflow vulnerability can be exploited by a malicious backend server when using ProxyPassReverseCookie directives. This could lead to a denial of service DoS condition, making the server unavailable to legitimate users...

7.5CVSS6AI score0.00682EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in Apache2

Some modproxy configurations on the Apache HTTP Server versions 2.4.0 through 2.4.55 allow for an HTTP Request Smuggling attack. These configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch, where a non-specific pattern matches a portion of the...

9.8CVSS6.8AI score0.8377EPSS
Exploits5References2
OSV
OSV
added 2026/06/08 4:16 p.m.2 views

ALPINE-CVE-2026-34356

Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

7.5CVSS5.9AI score0.00682EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/08 3:12 p.m.109 views

CVE-2026-34356 Apache HTTP Server: ProxyPassReverseCookieMap buffer overflow

Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

0.00682EPSS
Exploits0References1
OSV
OSV
added 2026/05/15 8:50 a.m.7 views

BIT-NGINX-GATEWAY-2026-42934 NGINX ngx_http_charset_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When charset, sourcecharset, and charsetmap and proxypass with disabled buffering "off" directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers' contr...

6.3CVSS6.1AI score0.00717EPSS
Exploits0References2
OSV
OSV
added 2026/05/15 8:50 a.m.9 views

BIT-NGINX-2026-42934 NGINX ngx_http_charset_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When charset, sourcecharset, and charsetmap and proxypass with disabled buffering "off" directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers' contr...

6.3CVSS6.1AI score0.00717EPSS
Exploits0References2
NVD
NVD
added 2026/05/13 4:16 p.m.14 views

CVE-2026-42934

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When charset, sourcecharset, and charsetmap and proxypass with disabled buffering "off" directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers' contr...

6.3CVSS0.00717EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:12 p.m.8 views

CVE-2026-42934

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When charset, sourcecharset, and charsetmap and proxypass with disabled buffering "off" directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers' contr...

6.3CVSS5.9AI score0.00717EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.4 views

Oracle Linux 10 : net-snmp (ELSA-2026-0668)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-0668 advisory. 1:5.9.4-15.0.1.2 - fix error index value when snmpget is used a proxy pass Orabug: 35010262 1:5.9.4-15.2 - fix out of bound access RHEL-137497 1:5.9.4-15.1 -...

9.8CVSS5.9AI score0.4269EPSS
Exploits2References2
Oracle linux
Oracle linux
added 2026/01/15 12:0 a.m.18 views

net-snmp security update

5.9.1-17.0.1.1 - fix error index value when snmpget is used a proxy pass Orabug: 35010262 1:5.9.1-17.1 - fix out of bound access issue RHEL-137510 - enable PQC RHEL-132653...

9.8CVSS7AI score0.4269EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2023/06/05 12:30 p.m.6 views

httpd: HTTP request splitting with mod_rewrite and mod_proxy

A vulnerability was found in httpd. This security issue occurs when some modproxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern...

9.8CVSS6.6AI score0.8377EPSS
Exploits5References5
RedHat Linux
RedHat Linux
added 2023/06/05 11:46 a.m.7 views

httpd: HTTP request splitting with mod_rewrite and mod_proxy

A vulnerability was found in httpd. This security issue occurs when some modproxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern...

9.8CVSS6.6AI score0.8377EPSS
Exploits5References5
RedHat Linux
RedHat Linux
added 2023/04/20 1:49 p.m.9 views

httpd: HTTP request splitting with mod_rewrite and mod_proxy

A vulnerability was found in httpd. This security issue occurs when some modproxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern...

9.8CVSS6.6AI score0.8377EPSS
Exploits5References5
RedHat Linux
RedHat Linux
added 2023/04/06 5:3 p.m.6 views

httpd: HTTP request splitting with mod_rewrite and mod_proxy

A vulnerability was found in httpd. This security issue occurs when some modproxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern...

9.8CVSS6.6AI score0.8377EPSS
Exploits5References5
RedHat Linux
RedHat Linux
added 2023/04/06 4:17 p.m.6 views

httpd: HTTP request splitting with mod_rewrite and mod_proxy

A vulnerability was found in httpd. This security issue occurs when some modproxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern...

9.8CVSS6.6AI score0.8377EPSS
Exploits5References5
RedHat Linux
RedHat Linux
added 2023/04/04 11:7 a.m.4 views

httpd: HTTP request splitting with mod_rewrite and mod_proxy

A vulnerability was found in httpd. This security issue occurs when some modproxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern...

9.8CVSS6.6AI score0.8377EPSS
Exploits5References5
RedHat Linux
RedHat Linux
added 2023/04/04 10:1 a.m.6 views

httpd: HTTP request splitting with mod_rewrite and mod_proxy

A vulnerability was found in httpd. This security issue occurs when some modproxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern...

9.8CVSS6.6AI score0.8377EPSS
Exploits5References5
RedHat Linux
RedHat Linux
added 2023/04/03 4:1 p.m.6 views

httpd: HTTP request splitting with mod_rewrite and mod_proxy

A vulnerability was found in httpd. This security issue occurs when some modproxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern...

9.8CVSS6.6AI score0.8377EPSS
Exploits5References5
OSV
OSV
added 2023/03/17 11:5 a.m.8 views

OESA-2023-1161 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: HTTP Response Smuggling vulnerability in Apache HTTP Server via modproxyuwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can...

9.8CVSS9.2AI score0.8377EPSS
Exploits5References3
OSV
OSV
added 2023/03/07 4:15 p.m.9 views

AZL-25605 CVE-2023-25690 affecting package httpd for versions less than 2.4.56-1

Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...

9.8CVSS6.7AI score0.8377EPSS
Exploits5References1
Rows per page
Query Builder