Apache >= 2.4.17 < 2.4.49 mod_http2

The version of Apache httpd installed on the remote host is greater than 2.4.17 and prior to 2.4.49. It is, therefore, affected by a vulnerability as referenced in the 2.4.49 changelog. A crafted method sent through HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to...

CVE-2021-41084

http4s is an open source scala interface for HTTP. In affected versions http4s is vulnerable to response-splitting or request-splitting attacks when untrusted user input is used to create any of the following fields: Header names Header.nameå, Header values Header.value, Status reason phrases...

CVE-2021-41084

http4s is an open source scala interface for HTTP. In affected versions http4s is vulnerable to response-splitting or request-splitting attacks when untrusted user input is used to create any of the following fields: Header names Header.nameå, Header values Header.value, Status reason phrases...

Design/Logic Flaw

http4s is an open source scala interface for HTTP. In affected versions http4s is vulnerable to response-splitting or request-splitting attacks when untrusted user input is used to create any of the following fields: Header names Header.nameå, Header values Header.value, Status reason phrases...

Apache 2.4.x < 2.4.49 Multiple Vulnerabilities

According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.49. It is, therefore, affected by multiple vulnerabilities: - A crafted method sent through HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache...

OPENSUSE-SU-2021:1234-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2021-33193: Fixed request splitting via HTTP/2 method injection and modproxy bsc1189387. This update was imported from the SUSE:SLE-15-SP2:Update update project...

SUSE SLED12 / SLES12 Security Update : apache2 (SUSE-SU-2021:2918-1)

The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2918-1 advisory. - A crafted method sent through HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or...

SUSE SLED15 / SLES15 Security Update : apache2 (SUSE-SU-2021:2954-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2954-1 advisory. - A crafted method sent through HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache...

OPENSUSE-SU-2021:2954-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2021-33193: Fixed request splitting via HTTP/2 method injection and modproxy bsc1189387...

SUSE-SU-2021:2954-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2021-33193: Fixed request splitting via HTTP/2 method injection and modproxy bsc1189387...

Request splitting via HTTP/2 method injection and mod_proxy

...

CVE-2021-33193

A crafted method sent through HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48...

DEBIAN-CVE-2021-33193

A crafted method sent through HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48...

UBUNTU-CVE-2021-33193

A crafted method sent through HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48...

Input validation

A crafted method sent through HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48...

CVE-2021-33193 Request splitting via HTTP/2 method injection and mod_proxy

A crafted method sent through HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48...

CVE-2021-33193

A crafted method sent through HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48...

CVE-2021-33193

CVE-2021-33193 describes a vulnerability in Apache HTTP Server where a crafted HTTP/2 method can bypass validation and be forwarded by mod_proxy, potentially enabling request splitting or cache poisoning. The issue affects Apache httpd versions 2.4.17 through 2.4.48. Connected advisories and noti...

Privilege Escalation

apache2 is vulnerability to privilege escalation. An attacker may exploit the vulnerability by sending a crafted method through HTTP/2 which will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache poisoning...

CVE-2021-32598

An improper neutralization of CRLF sequences in HTTP headers 'HTTP Response Splitting' vulnerability In FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and remote attacker to perform an HTTP request splittin...