271 matches found
Apache Httpd < 2.4.25 : HTTP/2 CONTINUATION denial of service
The HTTP/2 protocol implementation modhttp2 had an incomplete handling of the LimitRequestFields directive. This allowed an attacker to inject unlimited request headers into the server, leading to eventual memory exhaustion...
Apache Httpd < 2.2.29 : mod_cgid denial of service
A flaw was found in modcgid. If a server using modcgid hosted CGI scripts which did not consume standard input, a remote attacker could cause child processes to hang indefinitely, leading to denial of service...
Apache Httpd < 2.4.16 : ap_some_auth_required API unusable
A design error in the "apsomeauthrequired" function renders the API unusuable in httpd 2.4.x. In particular the API is documented to answering if the request required authentication but only answers if there are Require lines in the applicable configuration. Since 2.4.x Require lines are used for...
Apache Httpd < 2.4.10 : WinNT MPM denial of service
A flaw was found in the WinNT MPM in httpd versions 2.4.1 to 2.4.9, when using the default AcceptFilter for that platform. A remote attacker could send carefully crafted requests that would leak memory and eventually lead to a denial of service against the server...
Apache Httpd < 2.2.23 : insecure LD_LIBRARY_PATH handling
Insecure handling of LDLIBRARYPATH was found that could lead to the current working directory to be searched for DSOs. This could allow a local user to execute code as root if an administrator runs apachectl from an untrusted directory...
Apache Httpd < 2.0.63 : mod_status XSS
A flaw was found in the modstatus module. On sites where modstatus is enabled and the status pages were publicly accessible, a cross-site scripting attack is possible. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available...
Apache Httpd < 2.2.29 : mod_deflate denial of service
A resource consumption flaw was found in moddeflate. If request body decompression was configured using the "DEFLATE" input filter, a remote attacker could cause the server to consume significant memory and/or CPU resources. The use of request body decompression is not a common configuration...
Apache Httpd < 2.2.22 : mod_setenvif .htaccess privilege escalation
An integer overflow flaw was found which, when the modsetenvif module is enabled, could allow local users to gain privileges via a .htaccess file...
Apache Httpd < 2.0.55 : SSLVerifyClient bypass
A flaw in the modssl handling of the "SSLVerifyClient" directive. This flaw would occur if a virtual host has been configured using "SSLVerifyClient optional" and further a directive "SSLVerifyClient required" is set for a specific location. For servers configured in this fashion, an attacker may...
Apache Httpd < 2.2.21 : mod_proxy_ajp remote DoS
A flaw was found when modproxyajp is used together with modproxybalancer. Given a specific configuration, a remote attacker could send certain malformed HTTP requests, putting a backend server into an error state until the retry timeout expired. This could lead to a temporary denial of service...
Apache Httpd < 2.2.17 : expat DoS
A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document for example through moddav may be able to cause a crash. This crash would only be a denial of service if using the worker MPM...
Apache Httpd < 2.2.13 : APR apr_palloc heap overflow
A flaw in aprpalloc in the bundled copy of APR could cause heap overflows in programs that try to aprpalloc a user controlled size. The Apache HTTP Server itself does not pass unsanitized user-provided sizes to this function, so it could only be triggered through some other application which uses...
Apache Httpd < 2.4.39 : mod_http2, possible crash on late upgrade
When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. A server that never enabled the h2 protocol or that only enabled it for...
Apache Httpd < 2.4.35 : DoS for HTTP/2 connections by continuous SETTINGS
By sending continous SETTINGS frames of maximum size an ongoing HTTP/2 connection could be kept busy and would never time out. This can be abused for a DoS on the server. This only affect a server that has enabled the h2 protocol...
Apache Httpd < 2.0.61 : Signals to arbitrary processes
The Apache HTTP server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the HTTP server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service...
Apache Httpd < 2.4.54 : mod_sed denial of service
If Apache HTTP Server 2.4.53 is configured to do transformations with modsed in contexts where the input to modsed may be very large, modsed may make excessively large memory allocations and trigger an abort...
Apache Httpd < 2.2.22 : mod_proxy_ajp remote DoS
A flaw was found when modproxyajp connects to a backend server that takes too long to respond. Given a specific configuration, a remote attacker could send certain requests, putting a backend server into an error state until the retry timeout expired. This could lead to a temporary denial of...
Apache Httpd < 2.2.23 : XSS in mod_negotiation when untrusted uploads are supported
Possible XSS for sites which use modnegotiation and allow untrusted uploads to locations which have MultiViews enabled. Note: This issue is also known as CVE-2008-0455...
Apache Httpd < 2.2.20 : Range header remote DoS
A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. This could be used in a denial of service attack. Advisory...
Apache Httpd < 2.2.22 : scoreboard parent DoS
A flaw was found in the handling of the scoreboard. An unprivileged child process could cause the parent process to crash at shutdown rather than terminate cleanly...
Apache Httpd < 1.3.33 : mod_include overflow
A buffer overflow in modinclude could allow a local user who is authorised to create server side include SSI files to gain the privileges of a httpd child...
Apache Httpd < 2.0.46 : Basic Authentication DoS
A build system problem in Apache 2.0.40 through 2.0.45 allows remote attackers to cause a denial of access to authenticated content when a threaded server is used...
Apache Httpd < 2.0.64 : mod_proxy_ftp DoS
A NULL pointer dereference flaw was found in the modproxyftp module. A malicious FTP server to which requests are being proxied could use this flaw to crash an httpd child process via a malformed reply to the EPSV or PASV commands, resulting in a limited denial of service...
Apache Httpd < 2.2.9 : mod_proxy_http DoS
A flaw was found in the handling of excessive interim responses from an origin server when using modproxyhttp. A remote attacker could cause a denial of service or high memory usage...
Apache Httpd < 2.4.26 : mod_http2 Null Pointer Dereference
A maliciously constructed HTTP/2 request could cause modhttp2 to dereference a NULL pointer and crash the server process...
Apache Httpd < 2.2.25 : mod_rewrite log escape filtering
modrewrite does not filter terminal escape sequences from logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...
Apache Httpd < 2.2.24 : XSS in mod_proxy_balancer
A XSS flaw affected the modproxybalancer manager interface...
Apache Httpd < 2.2.15 : Subrequest handling of request headers (mod_headers)
A flaw in the core subrequest process code was fixed, to always provide a shallow copy of the headersin array to the subrequest, instead of a pointer to the parent request's array as it had for requests without request bodies. This meant all modules such as modheaders which may manipulate the inp...
Apache Httpd < 2.4.20 : mod_http2: denial of service by thread starvation
By manipulating the flow control windows on streams, a client was able to block server threads for long times, causing starvation of worker threads. Connections could still be opened, but no streams where processed for these. This issue affected HTTP/2 support in 2.4.17 and 2.4.18...
Apache Httpd < 2.2.15 : mod_proxy_ajp DoS
modproxyajp would return the wrong status code if it encountered an error, causing a backend server to be put into an error state until the retry timeout expired. A remote attacker could send malicious requests to trigger this issue, resulting in denial of service...
Apache Httpd < 1.3.26 : Filtered escape sequences
Apache did not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...
Apache Httpd < 2.2.12 : mod_deflate DoS
A denial of service flaw was found in the moddeflate module. This module continued to compress large files until compression was complete, even if the network connection that requested the content was closed before compression completed. This would cause moddeflate to consume large amounts of CPU...
Apache Httpd < 2.2.16 : Timeout detection flaw (mod_proxy_http)
An information disclosure flaw was found in modproxyhttp in versions 2.2.9 through 2.2.15, 2.3.4-alpha and 2.3.5-alpha. Under certain timeout conditions, the server could return a response intended for another user. Only Windows, Netware and OS2 operating systems are affected. Only those...
Apache Httpd < 2.2.14 : mod_proxy_ftp FTP command injection
A flaw was found in the modproxyftp module. In a reverse proxy configuration, a remote attacker could use this flaw to bypass intended access restrictions by creating a carefully-crafted HTTP Authorization header, allowing the attacker to send arbitrary commands to the FTP server...
Apache Httpd < 2.2.22 : mod_proxy reverse proxy exposure
An additional exposure was found when using modproxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web...
Apache Httpd < 2.2.17 : apr_bridage_split_line DoS
A flaw was found in the aprbrigadesplitline function of the bundled APR-util library, used to process non-SSL requests. A remote attacker could send requests, carefully crafting the timing of individual bytes, which would slowly consume memory, potentially leading to a denial of service...
Apache Httpd < 2.2.12 : APR-util off-by-one overflow
An off-by-one overflow flaw was found in the way the bundled copy of the APR-util library processed a variable list of arguments. An attacker could provide a specially-crafted string as input for the formatted output conversion routine, which could, on big-endian platforms, potentially lead to th...
Apache Httpd < 2.2.12 : APR-util heap underwrite
A heap-based underwrite flaw was found in the way the bundled copy of the APR-util library created compiled forms of particular search patterns. An attacker could formulate a specially-crafted search keyword, that would overwrite arbitrary heap memory locations when processed by the pattern...
Apache Httpd < 2.4.23 : TLS/SSL X.509 client certificate auth bypass with HTTP/2
For configurations enabling support for HTTP/2, SSL client certificate validation was not enforced if configured, allowing clients unauthorized access to protected resources over HTTP/2. This issue affected releases 2.4.18 and 2.4.20 only...
Apache Httpd < 1.3-never : mod_proxy reverse proxy exposure
An exposure was found when using modproxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers no...
Apache Httpd < 2.0.64 : expat DoS
A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document for example through moddav may be able to cause a crash. This crash would only be a denial of service if using the worker MPM...
Apache Httpd < 2.2.12 : CRLF injection in mod_negotiation when untrusted uploads are supported
Possible CRLF injection allowing HTTP response splitting attacks for sites which use modnegotiation and allow untrusted uploads to locations which have MultiViews enabled...
Apache Httpd < 1.3.26 : Apache Chunked encoding vulnerability
Malicious requests can cause various effects ranging from a relatively harmless increase in system resources through to denial of service attacks and in some cases the ability to execute arbitrary remote code...
Apache Httpd < 2.4.6 : mod_session_dbd session fixation flaw
A flaw in modsessiondbd caused it to proceed with save operations for a session without considering the dirty flag and the requirement for a new session ID...
Apache Httpd < 2.2.19 : apr_fnmatch flaw leads to mod_autoindex remote DoS
A flaw was found in the aprfnmatch function of the bundled APR library. Where modautoindex is enabled, and a directory indexed by modautoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could b...
Apache Httpd < 2.2.16 : mod_cache and mod_dav DoS
A flaw was found in the handling of requests by modcache 2.2 and moddav 2.0 and 2.2. A malicious remote attacker could send a carefully crafted request and cause a httpd child process to crash. This crash would only be a denial of service if using the worker MPM. This issue is further mitigated a...
Apache Httpd < 2.2.8 : mod_proxy_ftp UTF-7 XSS
A workaround was added in the modproxyftp module. On sites where modproxyftp is enabled and a forward proxy is configured, a cross-site scripting attack is possible against Web browsers which do not correctly derive the response character set following the rules in RFC 2616...
Apache Httpd < 2.2.6 : mod_status cross-site scripting
A flaw was found in the modstatus module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. Note that the server-status page is not enabled by default and it is best practice to not make this publicly...
Apache Httpd < 2.2.22 : error responses can expose cookies
A flaw was found in the default error response for status code 400. This flaw could be used by an attacker to expose "httpOnly" cookies when no custom ErrorDocument is specified...
Apache Httpd < 2.0.65 : mod_proxy reverse proxy exposure
An exposure was found when using modproxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers no...