9 matches found
Astra Linux – Vulnerability in Apache2
The Apache HTTP Server versions 2.4.6 to 2.4.46, with the modproxywstunnel module configured, were used to handle a URL request. The origin server did not necessarily upgrade this connection. As a result, subsequent requests using the same connection could be processed without any HTTP validation...
SUSE CVE-2022-37797
In lighttpd 1.4.65, modwstunnel does not initialize a handler function pointer if an invalid HTTP request websocket handshake is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition...
[SECURITY] [DSA 5243-1] lighttpd security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5243-1 [email protected] https://www.debian.org/security/ Helmut Grohne September 28, 2022 https://www.debian.org/security/faq -...
CVE-2022-37797
In lighttpd 1.4.65, modwstunnel does not initialize a handler function pointer if an invalid HTTP request websocket handshake is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition...
UBUNTU-CVE-2022-37797
In lighttpd 1.4.65, modwstunnel does not initialize a handler function pointer if an invalid HTTP request websocket handshake is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition...
httpd: mod_proxy_wstunnel tunneling of non Upgraded connection
A flaw was found in Apache httpd. The modproxywstunnel module tunnels non-upgraded connections...
mod_proxy_wstunnel tunneling of non Upgraded connections
...
DEBIAN-CVE-2019-17567
Apache HTTP Server versions 2.4.6 to 2.4.46 modproxywstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authenticati...
UBUNTU-CVE-2019-17567
Apache HTTP Server versions 2.4.6 to 2.4.46 modproxywstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authenticati...