Lucene search
K

4 matches found

OSV
OSV
added 2024/07/09 7:1 a.m.28 views

MGASA-2024-0258 Updated apache packages fix security vulnerabilities

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance. CVE-2024-36387 Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encodin...

9.8CVSS7.8AI score0.99957EPSS
Exploits2References10
OSV
OSV
added 2024/07/03 7:17 a.m.53 views

BIT-APACHE-2024-38475 Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path.

Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure...

9.1CVSS9.8AI score0.99957EPSS
Exploits1References8
Hacker One
Hacker One
added 2024/07/03 7:9 a.m.114 views

Internet Bug Bounty: important: Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path. (CVE-2024-38475)

The Apache HTTP Server was found to have a vulnerability in modrewrite where improper escaping of output allowed attackers to map URLs to filesystem locations that were permitted to be served by the server but were not intentionally/directly reachable by any URL. This resulted in potential code...

9.1CVSS9.1AI score0.99957EPSS
Exploits1
Debian CVE
Debian CVE
added 2024/07/01 6:15 p.m.65 views

CVE-2024-38475

Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure...

9.1CVSS9.2AI score0.99957EPSS
Exploits1
Rows per page
Query Builder