BIT-MODSECURITY2-2025-54571 ModSecurity's Insufficient Return Value Handling can Lead to XSS and Source Code Disclosure

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrate...

BIT-MODSECURITY-2025-54571 ModSecurity's Insufficient Return Value Handling can Lead to XSS and Source Code Disclosure

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrate...

Linux Distros Unpatched Vulnerability : CVE-2024-40725

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. AddType a...

CVE-2025-54571

CVE-2025-54571 affects ModSecurity (WAF engine for Apache/IIS/Nginx). In versions 2.9.11 and earlier, an attacker could override the HTTP response Content-Type, enabling issues such as XSS and arbitrary script-source disclosure. The vulnerability is fixed in ModSecurity 2.9.12. Remediation: upgra...

CVE-2025-54571 ModSecurity's Insufficient Return Value Handling can Lead to XSS and Source Code Disclosure

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrate...

The vulnerability of software for accessing analytics and planning tools in the IBM Analytics Content Hub, related to the disclosure of information through source code, allows a perpetrator to disclose protected information.

The vulnerability of the software for accessing analytics and planning tools in the IBM Analytics Content Hub is related to the disclosure of information through the source code. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...

Oracle HTTP Server (July 2025 CPU)

The versions of HTTP Server installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2025 CPU advisory. - In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap- based buffer under-read. To exploit this, a...

SUSE SLES15 Security Update : apache2 (SUSE-SU-2025:02241-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02241-1 advisory. - CVE-2024-38477: Fixed null pointer dereference in modproxy bsc1227270. - CVE-2024-39573: Fixed source code disclosure with...

Security update for apache2

This update for apache2 fixes the following issues: CVE-2024-38477: Fixed null pointer dereference in modproxy bsc1227270. CVE-2024-39573: Fixed source code disclosure with handlers configured via AddType bsc1227271. CVE-2024-39884: Fixed source code disclosure of local content bsc1227353...

SUSE-SU-2025:02241-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2024-38477: Fixed null pointer dereference in modproxy bsc1227270. - CVE-2024-39573: Fixed source code disclosure with handlers configured via AddType bsc1227271. - CVE-2024-39884: Fixed source code disclosure of local content bsc1227353. ...

The vulnerability of IBM Cognos Analytics, a web server for online business analytics services, allows attackers to compromise the confidentiality of protected information.

The vulnerability of the IBM Cognos Analytics online business analytics server relates to the disclosure of information through source code. Exploiting this vulnerability could allow a malicious actor, operating remotely, to compromise the confidentiality of the protected information...

CVE-2023-27180

GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /admin/backup.php...

CVE-2021-32072

The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to get source code information disclosing sensitive application data due to insufficient output sanitization. A successful exploit could allow an attacker to view source code methods...

CVE-2020-10105

An issue was discovered in Zammad 3.0 through 3.2. It returns source code of static resources when submitting an OPTIONS request, rather than a GET request. Disclosure of source code allows for an attacker to formulate more precise attacks. Source code was disclosed for the file 404.html...

CVE-2019-10849

Computrols CBAS 18.0.0 allows unprotected Subversion SVN directory / source code disclosure...

EulerOS Virtualization 2.12.1 : httpd (EulerOS-SA-2025-1546)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based...

Apache HTTP Server Improper Escaping of Output Vulnerability

Apache HTTP Server contains an improper escaping of output vulnerability in modrewrite that allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code...

Important: tomcat

Issue Overview: When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpect...

Apache ActiveMQ 5.3.2 Source Code Disclosure

Apache ActiveMQ version 5.3.2 source code disclosure proof of concept exploit that demonstrates an issue discovered in 2010. ============================================================================================================================================= | Title : Apache ActiveMQ 5.3....

CVE-2025-25478

The account file upload functionality in Syspass 3.2.x fails to properly handle special characters in filenames. This mismanagement leads to the disclosure of the web application s source code, exposing sensitive information such as the database password...