Lucene search
K

9 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Apache2

The Apache HTTP Server versions 2.4.6 to 2.4.46, with the modproxywstunnel module configured, were used to handle a URL request. The origin server did not necessarily upgrade this connection. As a result, subsequent requests using the same connection could be processed without any HTTP validation...

5.3CVSS6.8AI score0.60266EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 3:24 a.m.4 views

SUSE CVE-2022-37797

In lighttpd 1.4.65, modwstunnel does not initialize a handler function pointer if an invalid HTTP request websocket handshake is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition...

7.5CVSS7.2AI score0.0198EPSS
Exploits1References4
Debian
Debian
added 2022/09/28 4:5 p.m.47 views

[SECURITY] [DSA 5243-1] lighttpd security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5243-1 [email protected] https://www.debian.org/security/ Helmut Grohne September 28, 2022 https://www.debian.org/security/faq -...

7.5CVSS8.3AI score0.02714EPSS
Exploits5
ATTACKERKB
ATTACKERKB
added 2022/09/12 3:15 p.m.3 views

CVE-2022-37797

In lighttpd 1.4.65, modwstunnel does not initialize a handler function pointer if an invalid HTTP request websocket handshake is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition...

7.5CVSS7AI score0.0198EPSS
Exploits1References5
OSV
OSV
added 2022/09/12 3:15 p.m.3 views

UBUNTU-CVE-2022-37797

In lighttpd 1.4.65, modwstunnel does not initialize a handler function pointer if an invalid HTTP request websocket handshake is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition...

7.5CVSS7AI score0.0198EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/11/10 5:14 p.m.3 views

httpd: mod_proxy_wstunnel tunneling of non Upgraded connection

A flaw was found in Apache httpd. The modproxywstunnel module tunnels non-upgraded connections...

5.3CVSS7.1AI score0.60266EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2021/06/17 7:0 a.m.5 views

mod_proxy_wstunnel tunneling of non Upgraded connections

...

5.3CVSS7AI score0.60266EPSS
Exploits0
OSV
OSV
added 2021/06/10 7:15 a.m.3 views

DEBIAN-CVE-2019-17567

Apache HTTP Server versions 2.4.6 to 2.4.46 modproxywstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authenticati...

5.3CVSS6.7AI score0.60266EPSS
Exploits0References1
OSV
OSV
added 2021/06/10 7:15 a.m.8 views

UBUNTU-CVE-2019-17567

Apache HTTP Server versions 2.4.6 to 2.4.46 modproxywstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authenticati...

5.3CVSS6.8AI score0.60266EPSS
Exploits0References5
Rows per page
Query Builder