CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

VulnCheck KEV•added 2024/07/25 12:0 a.m.•0 views

VulnCheck KEV: CVE-2023-25690

Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...

9.8CVSS6.8AI score0.67011EPSS

Exploits5References1

OSV•added 2024/03/06 10:51 a.m.•1810 views

BIT-APACHE-2023-25690 Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy

9.8CVSS8.6AI score0.67011EPSS

Exploits5References5

Tenable Nessus•added 2024/02/26 12:0 a.m.•45 views

IBM HTTP Server 8.5.0.0 < 8.5.5.24 / 9.0.0.0 < 9.0.5.16 Request Splitting Attacks (6963650)

The version of IBM HTTP Server running on the remote host is affected by an request splitting attack vulnerability due to an error when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch. A remote attacker could exploit this vulnerability to bypass access controls in the...

Tenable Nessus•added 2024/01/26 12:0 a.m.•80 views

RHEL 8 : httpd:2.4 (RHSA-2023:1672)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1672 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP request splitting wi...

0day.today•added 2024/01/02 12:0 a.m.•4511 views

Exploits5References4

Apache 2.4.55 mod_proxy HTTP Request Smuggling Exploit

Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow for an HTTP request smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...

9.8CVSS9.9AI score0.67011EPSS

Packet Storm•added 2024/01/02 12:0 a.m.•9712 views

Apache 2.4.55 mod_proxy HTTP Request Smuggling

9.8CVSS7.4AI score0.67011EPSS

Tenable Nessus•added 2023/09/08 12:0 a.m.•51 views

GLSA-202309-01 : Apache HTTPD: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202309-01 Apache HTTPD: Multiple Vulnerabilities - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the...

9.8CVSS7.1AI score0.67011EPSS

Exploits5References8

OpenVAS•added 2023/07/31 12:0 a.m.•39 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-2462)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.1AI score0.67011EPSS

OpenVAS•added 2023/07/31 12:0 a.m.•33 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-2487)

9.8CVSS9.1AI score0.67011EPSS

Tenable Nessus•added 2023/07/28 12:0 a.m.•56 views

EulerOS Virtualization 2.10.1 : httpd (EulerOS-SA-2023-2462)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack...

Tenable Nessus•added 2023/07/04 12:0 a.m.•42 views

Exploits5References3

EulerOS 2.0 SP11 : httpd (EulerOS-SA-2023-2271)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affect...

GithubExploit•added 2023/05/22 3:6 a.m.•10493 views

Exploits5References3

Exploit for HTTP Request Smuggling in Apache Http_Server

CVE 2023 25690 - Proof of Concept Published: 7 March 2023...

9.8CVSS8.5AI score0.67011EPSS

OpenVAS•added 2023/05/09 12:0 a.m.•28 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-1823)

9.8CVSS9.1AI score0.67011EPSS

Tenable Nessus•added 2023/05/09 12:0 a.m.•38 views

EulerOS 2.0 SP10 : httpd (EulerOS-SA-2023-1805)

Tenable Nessus•added 2023/04/25 12:0 a.m.•45 views

Exploits5References3

Debian dla-3401 : apache2 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3401 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3401-1 [email protected]...

9.8CVSS7.2AI score0.67011EPSS

Exploits5References6

Tenable Nessus•added 2023/04/08 12:0 a.m.•47 views

RHEL 9 : httpd and mod_http2 (RHSA-2023:1670)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1670 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP request splitting wi...

Tenable Nessus•added 2023/04/05 12:0 a.m.•129 views

Exploits5References4

RHEL 8 : httpd:2.4 (RHSA-2023:1596)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1596 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP request splitting wi...