24 matches found
Astra Linux - уязвимость в apache2
Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL. This enables the attacker to execute code or disclose...
ManageEngine ServiceDesk Plus < 15.1 Build 15110 Privilege Escalation
The version of ManageEngine ServiceDesk Plus installed on the remote host is prior to 15.1 Build 15110. It is, therefore, affected by a vulnerability as referenced in the service-deskCVE-2025-8309 advisory. - A privilege escalation vulnerability caused by the overly permissive regular expression...
ManageEngine ServiceDesk Plus MSP < 14.9 Build 14940 Privilege Escalation
The version of ManageEngine ServiceDesk Plus MSP installed on the remote host is prior to 14.9 Build 14940. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-8309 advisory. - A privilege escalation vulnerability caused by the overly permissive regular expression regex...
Linux Distros Unpatched Vulnerability : CVE-2024-22117
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last...
Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to a remote attacker causing a denial of service, executing arbitrary code, and mapping URLs to filesystem locations due to multiple vulnerabilities.
Summary IBM HTTP Server powered by Apache for IBM i is vulnerable to a remote attacker causing a denial of service due to NULL pointer dereference CVE-2024-38477, executing arbitrary code due to an encoding issue in modrewrite CVE-2024-38474, and improper escaping in modrewrite resulting in acces...
httpd: Improper escaping of output in mod_rewrite
A flaw was found in the modrewrite module of httpd. Improper escaping of output allows an attacker to map URLs to filesystem locations permitted to be served by the server but are not intentionally or directly reachable by any URL. This issue results in code execution or source code disclosure...
httpd: Improper escaping of output in mod_rewrite
A flaw was found in the modrewrite module of httpd. Improper escaping of output allows an attacker to map URLs to filesystem locations permitted to be served by the server but are not intentionally or directly reachable by any URL. This issue results in code execution or source code disclosure...
httpd: Improper escaping of output in mod_rewrite
A flaw was found in the modrewrite module of httpd. Improper escaping of output allows an attacker to map URLs to filesystem locations permitted to be served by the server but are not intentionally or directly reachable by any URL. This issue results in code execution or source code disclosure...
httpd: Improper escaping of output in mod_rewrite
A flaw was found in the modrewrite module of httpd. Improper escaping of output allows an attacker to map URLs to filesystem locations permitted to be served by the server but are not intentionally or directly reachable by any URL. This issue results in code execution or source code disclosure...
Important: httpd24
Issue Overview: Substitution encoding issue in modrewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Users are...
httpd: Improper escaping of output in mod_rewrite
A flaw was found in the modrewrite module of httpd. Improper escaping of output allows an attacker to map URLs to filesystem locations permitted to be served by the server but are not intentionally or directly reachable by any URL. This issue results in code execution or source code disclosure...
Unspecified Vulnerability in Apache HTTP Server (CNVD-2024-36387)
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A security vulnerability exists in Apache HTTP Server that can be exploited by an attacker to map URLs to file system locations th...
CVE-2024-38475
A flaw was found in the modrewrite module of httpd. Improper escaping of output allows an attacker to map URLs to filesystem locations permitted to be served by the server but are not intentionally or directly reachable by any URL. This issue results in code execution or source code disclosure...
DEBIAN-CVE-2024-38475
Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure...
UBUNTU-CVE-2024-38475
Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure...
CVE-2024-38475 Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path.
Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure...
CVE-2024-38475 Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path.
Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure...
PT-2025-18780
Name of the Vulnerable Software and Affected Versions jose4j versions prior to 0.9.5 Description An attacker can cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. Processing this token by the server results ...
Mapping Multiple URLs Redirect Same Page <= 5.8 - Reflected Cross-Site Scripting
The plugin does not sanitize and escape the mmurspid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. PoC https://example.com/wp-admin/admin.php?page=mmursp-list=editid="...
Mapping Multiple URLs Redirect Same Page <= 5.8 - Reflected Cross-Site Scripting
The plugin does not sanitize and escape the mmurspid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/admin.php?page=mmursp-list&view=edit&mmurspid="...