271 matches found
Apache Httpd < 2.4.26 : mod_http2 Null Pointer Dereference
A maliciously constructed HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server process...
Apache Httpd < 2.2.14 : mod_proxy_ftp FTP command injection
A flaw was found in the mod_proxy_ftp module. In a reverse proxy configuration, a remote attacker could use this flaw to bypass intended access restrictions by creating a carefully-crafted HTTP Authorization header, allowing the attacker to send arbitrary commands to the FTP server...
Apache Httpd < 2.2.12 : mod_proxy reverse proxy DoS
A denial of service flaw was found in the mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time...
Apache Httpd < 2.0.64 : mod_proxy_http DoS
A flaw was found in the handling of excessive interim responses from an origin server when using mod_proxy_http. A remote attacker could cause a denial of service or high memory usage...
Apache Httpd < 2.2.8 : mod_proxy_ftp UTF-7 XSS
A workaround was added in the mod_proxy_ftp module. On sites where mod_proxy_ftp is enabled and a forward proxy is configured, a cross-site scripting attack is possible against Web browsers which do not correctly derive the response character set following the rules in RFC 2616...
Apache Httpd < 2.0.51 : IPv6 URI parsing heap overflow
Testing using the Codenomicon HTTP Test Tool performed by the Apache Software Foundation security group and Red Hat uncovered an input validation issue in the IPv6 URI parsing routines in the apr-util library. If a remote attacker sent a request including a carefully crafted URI, an httpd child...
Apache Httpd < 1.3.31 : Error log escape filtering
Apache does not filter terminal escape sequences from error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...
Apache Httpd < 1.3.26 : Filtered escape sequences
Apache did not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...
Apache Httpd < 2.4.23 : TLS/SSL X.509 client certificate auth bypass with HTTP/2
For configurations enabling support for HTTP/2, SSL client certificate validation was not enforced if configured, allowing clients unauthorized access to protected resources over HTTP/2. This issue affected releases 2.4.18 and 2.4.20 only...
Apache Httpd < 2.0.64 : apr_brigade_split_line DoS
A flaw was found in the apr_brigade_split_line function of the bundled APR-util library, used to process non-SSL requests. A remote attacker could send requests, carefully crafting the timing of individual bytes, which would slowly consume memory, potentially leading to a denial of service...
Apache Httpd < 2.0.64 : mod_deflate DoS
A denial of service flaw was found in the mod_deflate module. This module continued to compress large files until compression was complete, even if the network connection that requested the content was closed before compression completed. This would cause mod_deflate to consume large amounts of CPU...
Apache Httpd < 2.2.12 : APR-util heap underwrite
A heap-based underwrite flaw was found in the way the bundled copy of the APR-util library created compiled forms of particular search patterns. An attacker could formulate a specially-crafted search keyword, that would overwrite arbitrary heap memory locations when processed by the pattern...
Apache Httpd < 1.3.37 : mod_rewrite off-by-one error
An off-by-one flaw exists in the Rewrite module, mod_rewrite. Depending on the manner in which Apache httpd was compiled, this software defect may result in a vulnerability which, in combination with certain types of Rewrite rules in the web server configuration files, could be triggered remotely...
Apache Httpd < 2.2.2 : mod_ssl access control DoS
A NULL pointer dereference flaw in mod_ssl was discovered affecting server configurations where an SSL virtual host is configured with access control and a custom 400 error document. A remote attacker could send a carefully crafted request to trigger this issue which would lead to a crash. This...
Apache Httpd < 1.3.32 : mod_proxy buffer overflow
A buffer overflow was found in the Apache proxy module, mod_proxy, which can be triggered by receiving an invalid Content-Length header. In order to exploit this issue an attacker would need to get an Apache installation that was configured as a proxy to connect to a malicious site. This would cau...
Apache Httpd < 2.4.6 : mod_dav crash
Sending a MERGE request against a URI handled by mod_dav_svn with the source href sent as part of the request body as XML pointing to a URI that is not configured for DAV will trigger a segfault...
Apache Httpd < 2.4.4 : XSS in mod_proxy_balancer
An XSS flaw affected the mod_proxy_balancer manager interface...
Apache Httpd < 2.2.22 : mod_proxy reverse proxy exposure
An exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers no...
Apache Httpd < 2.2.6 : mod_status cross-site scripting
A flaw was found in the mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. Note that the server-status page is not enabled by default and it is best practice to not make this publicly...
Apache Httpd < 2.2.22 : error responses can expose cookies
A flaw was found in the default error response for status code 400. This flaw could be used by an attacker to expose "httpOnly" cookies when no custom ErrorDocument is specified...
Apache Httpd < 2.0.64 : mod_isapi module unload flaw
A flaw was found within mod_isapi which would attempt to unload the ISAPI dll when it encountered various error states. This could leave the callbacks in an undefined state and result in a segfault. On Windows platforms using mod_isapi, a remote attacker could send a malicious request to trigg...
Apache Httpd < 2.0.51 : SSL connection infinite loop
An issue was discovered in the mod_ssl module in Apache 2.0. A remote attacker who forces an SSL connection to be aborted in a particular state may cause an Apache child process to enter an infinite loop, consuming CPU resources...
Apache Httpd < 2.0.45 : Line feed memory leak DoS
Apache 2.0 versions before Apache 2.0.45 had a significant Denial of Service vulnerability. Remote attackers could cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed...
Apache Httpd < 2.4.34 : mod_md, DoS via Coredumps on specially crafted requests
By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server...
Apache Httpd < 2.2.25 : mod_rewrite log escape filtering
mod_rewrite does not filter terminal escape sequences from logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...
Apache Httpd < 2.0.65 : Range header remote DoS
A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. This could be used in a denial of service attack. Advisory...
Apache Httpd < 2.2.10 : mod_proxy_ftp globbing XSS
A flaw was found in the handling of wildcards in the path of an FTP URL with mod_proxy_ftp. If mod_proxy_ftp is enabled to support FTP-over-HTTP, requests containing globbing characters could lead to cross-site scripting (XSS) attacks...
Apache Httpd < 1.3.41 : mod_status XSS
A flaw was found in the mod_status module. On sites where mod_status is enabled and the status pages were publicly accessible, a cross-site scripting attack is possible. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available...
Apache Httpd < 1.3.39 : Signals to arbitrary processes
The Apache HTTP server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the HTTP server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service...
Apache Httpd < 2.0.55 : Worker MPM memory leak
A memory leak in the worker MPM would allow remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections. This issue was downgraded in severity to low from moderate as successful...
Apache Httpd < 2.2.14 : mod_proxy_ftp DoS
A NULL pointer dereference flaw was found in the mod_proxy_ftp module. A malicious FTP server to which requests are being proxied could use this flaw to crash an httpd child process via a malformed reply to the EPSV or PASV commands, resulting in a limited denial of service...
Apache Httpd < 2.0.64 : APR apr_palloc heap overflow
A flaw in apr_palloc in the bundled copy of APR could cause heap overflows in programs that try to apr_palloc a user controlled size. The Apache HTTP Server itself does not pass unsanitized user-provided sizes to this function, so it could only be triggered through some other application which uses...
Apache Httpd < 2.0.55 : Malicious CRL off-by-one
An off-by-one stack overflow was discovered in the mod_ssl CRL verification callback. In order to exploit this issue the Apache server would need to be configured to use a malicious certificate revocation list (CRL)...
Apache Httpd < 2.0.53 : SSLCipherSuite bypass
An issue has been discovered in the mod_ssl module when configured to use the "SSLCipherSuite" directive in directory or location context. If a particular location context has been configured to require a specific set of cipher suites, then a client will be able to access that location using any...
Apache Httpd < 2.0.50 : Header parsing memory leak
A memory leak in parsing of HTTP headers which can be triggered remotely may allow a denial of service attack due to excessive memory consumption...
Apache Httpd < 1.3.31 : mod_digest nonce checking
mod_digest does not properly verify the nonce of a client response by using an AuthNonce secret. This could allow a malicious user who is able to sniff network traffic to conduct a replay attack against a website using Digest protection. Note that mod_digest implements an older version of the MD5...
Apache Httpd < 2.4.16 : mod_lua: Crash in websockets PING handling
A stack recursion crash in the mod_lua module was found. A Lua script executing the r:wsupgrade function could crash the process if a malicious client sent a carefully crafted PING request. This issue affected releases 2.4.7 through 2.4.12 inclusive...
Apache Httpd < 2.0.65 : mod_rewrite log escape filtering
mod_rewrite does not filter terminal escape sequences from logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...
Apache Httpd < 2.4.3 : Response mixup when using mod_proxy_ajp or mod_proxy_http
The modules mod_proxy_ajp and mod_proxy_http did not always close the connection to the back end server when necessary as part of error handling. This could lead to an information disclosure due to a response mixup between users...
Apache Httpd < 2.0.65 : error responses can expose cookies
A flaw was found in the default error response for status code 400. This flaw could be used by an attacker to expose "httpOnly" cookies when no custom ErrorDocument is specified...
Apache Httpd < 2.2.19 : apr_fnmatch flaw leads to mod_autoindex remote DoS
A flaw was found in the apr_fnmatch function of the bundled APR library. Where mod_autoindex is enabled, and a directory indexed by mod_autoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could b...
Apache Httpd < 2.2.6 : Signals to arbitrary processes
The Apache HTTP server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the HTTP server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service...
Apache Httpd < 2.0.49 : Error log escape filtering
Apache does not filter terminal escape sequences from error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...
Apache Httpd < 2.2.31 : HTTP request smuggling attack against chunked request parser
An HTTP request smuggling attack was possible due to a bug in parsing of chunked requests. A malicious client could force the server to misinterpret the request length, allowing cache poisoning or credential hijacking if an intermediary proxy is in use...
Apache Httpd < 2.0.64 : mod_cache and mod_dav DoS
A flaw was found in the handling of requests by mod_cache (2.2) and mod_dav (2.0 and 2.2). A malicious remote attacker could send a carefully crafted request and cause a httpd child process to crash. This crash would only be a denial of service if using the worker MPM. This issue is further mitigated a...
Apache Httpd < 2.2.12 : APR-util XML DoS
A denial of service flaw was found in the bundled copy of the APR-util library Extensible Markup Language (XML) parser. A remote attacker could create a specially-crafted XML document that would cause excessive memory consumption when processed by the XML decoding engine...
Apache Httpd < 2.2.8 : mod_imagemap XSS
A flaw was found in the mod_imagemap module. On sites where mod_imagemap is enabled and an imagemap file is publicly available, a cross-site scripting attack is possible...
Apache Httpd < 1.3.39 : mod_status cross-site scripting
A flaw was found in the mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. Note that the server-status page is not enabled by default and it is best practice to not make this publicly...
Apache Httpd < 2.0.58 : mod_ssl access control DoS
A NULL pointer dereference flaw in mod_ssl was discovered affecting server configurations where an SSL virtual host is configured with access control and a custom 400 error document. A remote attacker could send a carefully crafted request to trigger this issue which would lead to a crash. This...
Apache Httpd < 2.0.55 : Byterange filter DoS
A flaw in the byterange filter would cause some responses to be buffered into memory. If a server has a dynamic resource such as a CGI script or PHP script which generates a large amount of data, an attacker could send carefully crafted requests in order to consume resources, potentially leading ...