8 matches found
CVE-2023-25690
CVE-2023-25690 concerns Apache HTTP Server 2.4.0–2.4.55 with mod_proxy enabled when combined with certain RewriteRule or ProxyPassMatch patterns that re-insert user-supplied URL data into the proxied request-target via variable substitution. The underlying flaw enables HTTP request smuggling thro...
CVE-2022-36760
CVE-2022-36760 affects Apache HTTP Server mod_proxy_ajp, enabling HTTP Request Smuggling by an attacker to forward requests to the AJP backend. Public docs confirm impact on Apache httpd 2.4.54 and earlier; remediation is to upgrade to a fixed release (e.g., httpd 2.4.55+ as referenced by advisor...
CVE-2022-37436
CVE-2022-37436 affects Apache HTTP Server in versions prior to 2.4.55. The issue allows a malicious backend to truncate response headers early, causing some headers to be incorporated into the response body and preventing the later headers from being interpreted by the client. Affected products i...
CVE-2006-20001
CVE-2006-20001 affects Apache HTTP Server 2.4.54 and earlier. The issue is triggered by a crafted If: header that can read memory or write a single zero byte in heap memory beyond the header value, potentially crashing the process. Industry advisories confirm the vulnerability in Apache httpd and...
CVE-2023-27522
CVE-2023-27522 affects Apache HTTP Server (httpd) versions 2.4.30–2.4.55 via mod_proxy_uwsgi. The issue is HTTP Response Smuggling where special characters in the origin response header can truncate or split the response forwarded to the client. AlmaLinux and ALAS advisories explicitly reference ...
CVE-2023-45802
CVE-2023-45802 describes a memory‑leak condition in HTTP/2 handling: when a client resets a stream, memory deallocation is deferred until connection close, allowing a connection to accumulate memory usage over time. Astra Linux security notes reproduce the issue description and cite a fix in Apac...
CVE-2023-31122
CVE-2023-31122 is an out-of-bounds read vulnerability in Apache HTTP Server’s mod_macro affecting versions up to 2.4.57. Connected advisories (Debian, AlmaLinux, Amazon Linux, CIRCL sighting) confirm multiple distro advisories have issued patches and upgrades (e.g., Debian 2.4.59 fixes; AlmaLinux...
CVE-2023-43622
CVE-2023-43622 affects Apache HTTP Server via the mod_http2 implementation. An attacker opening an HTTP/2 connection with an initial window size of 0 could block handling of that connection indefinitely, potentially exhausting server worker resources in a pattern similar to the slow loris attack....