70 matches found
CVE-2025-31651
CVE-2025-31651 affects Apache Tomcat and allows bypass of rewrite rules for a subset of unlikely configurations. Affected branches include Tomcat 11.0.0-M1–11.0.5, 10.1.0-M1–10.1.39, and 9.0.0.M1–9.0.102; Debian and Amazon advisories confirm Tomcat9/10 updates addressing this issue. The connected...
Fixed in Apache Tomcat 11.0.6
Low: Rewrite rule bypass CVE-2025-31651 For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed. This was fixed with...
Fixed in Apache Tomcat 9.0.104
Note: The issues below were fixed in Apache Tomcat 9.0.103 but the release vote for the 9.0.103 release candidate did not pass. Therefore, although users must download 9.0.104 to obtain a version that includes a fix for these issues, version 9.0.103 is not included in the list of affected version...
Fixed in Apache Tomcat 10.1.40
Low: Rewrite rule bypass CVE-2025-31651 For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed. This was fixed with...
PT-2024-15265 · Kiteworks · Kiteworks Owncloud
Name of the Vulnerable Software and Affected Versions: Kiteworks OwnCloud affected versions not specified Description: Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests. If a request has no Authorization header, it is created with an empty strin...
httpd: Potential SSRF in mod_rewrite
A flaw was found in the modrewrite module of httpd. A potential SSRF allows an attacker to cause unsafe rules used in the RewriteRule directive to unexpectedly set up URLs to be handled by the modproxy module...
PT-2024-40140 · Ez Systems · Ez Platform
Name of the Vulnerable Software and Affected Versions: ezplatform versions prior to 1.7.9.1 ezplatform versions prior to 1.13.5.1 ezplatform versions prior to 2.5.4.1 Description: The issue affects eZ Platform setups on the Platform.sh cloud service, where a rewrite rule intended to block access ...
httpd: HTTP request splitting with mod_rewrite and mod_proxy
A vulnerability was found in httpd. This security issue occurs when some modproxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern...
httpd: HTTP request splitting with mod_rewrite and mod_proxy
A vulnerability was found in httpd. This security issue occurs when some modproxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern...
httpd: HTTP request splitting with mod_rewrite and mod_proxy
A vulnerability was found in httpd. This security issue occurs when some modproxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern...
httpd: HTTP request splitting with mod_rewrite and mod_proxy
A vulnerability was found in httpd. This security issue occurs when some modproxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern...
httpd: HTTP request splitting with mod_rewrite and mod_proxy
A vulnerability was found in httpd. This security issue occurs when some modproxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern...
httpd: HTTP request splitting with mod_rewrite and mod_proxy
A vulnerability was found in httpd. This security issue occurs when some modproxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern...
httpd: HTTP request splitting with mod_rewrite and mod_proxy
A vulnerability was found in httpd. This security issue occurs when some modproxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern...
httpd: HTTP request splitting with mod_rewrite and mod_proxy
A vulnerability was found in httpd. This security issue occurs when some modproxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern...
httpd: HTTP request splitting with mod_rewrite and mod_proxy
A vulnerability was found in httpd. This security issue occurs when some modproxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern...
httpd: HTTP request splitting with mod_rewrite and mod_proxy
A vulnerability was found in httpd. This security issue occurs when some modproxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern...
httpd: HTTP request splitting with mod_rewrite and mod_proxy
A vulnerability was found in httpd. This security issue occurs when some modproxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern...
SUSE CVE-2023-25690
Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...
DEBIAN-CVE-2023-25690
Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...