Lucene search
+L

8 matches found

CVE
CVE
added 2023/03/07 3:9 p.m.9299 views

CVE-2023-25690

CVE-2023-25690 concerns Apache HTTP Server 2.4.0–2.4.55 with mod_proxy enabled when combined with certain RewriteRule or ProxyPassMatch patterns that re-insert user-supplied URL data into the proxied request-target via variable substitution. The underlying flaw enables HTTP request smuggling thro...

9.8CVSS9.8AI score0.8377EPSS
In wild
CVE
CVE
added 2023/01/17 7:11 p.m.2569 views

CVE-2022-36760

CVE-2022-36760 affects Apache HTTP Server mod_proxy_ajp, enabling HTTP Request Smuggling by an attacker to forward requests to the AJP backend. Public docs confirm impact on Apache httpd 2.4.54 and earlier; remediation is to upgrade to a fixed release (e.g., httpd 2.4.55+ as referenced by advisor...

9CVSS8.5AI score0.01879EPSS
CVE
CVE
added 2023/01/17 7:12 p.m.2531 views

CVE-2022-37436

CVE-2022-37436 affects Apache HTTP Server in versions prior to 2.4.55. The issue allows a malicious backend to truncate response headers early, causing some headers to be incorporated into the response body and preventing the later headers from being interpreted by the client. Affected products i...

5.3CVSS7.3AI score0.57941EPSS
CVE
CVE
added 2023/01/17 7:7 p.m.2419 views

CVE-2006-20001

CVE-2006-20001 affects Apache HTTP Server 2.4.54 and earlier. The issue is triggered by a crafted If: header that can read memory or write a single zero byte in heap memory beyond the header value, potentially crashing the process. Industry advisories confirm the vulnerability in Apache httpd and...

7.5CVSS8.5AI score0.03546EPSS
CVE
CVE
added 2023/03/07 3:9 p.m.1625 views

CVE-2023-27522

CVE-2023-27522 affects Apache HTTP Server (httpd) versions 2.4.30–2.4.55 via mod_proxy_uwsgi. The issue is HTTP Response Smuggling where special characters in the origin response header can truncate or split the response forwarded to the client. AlmaLinux and ALAS advisories explicitly reference ...

7.5CVSS8.8AI score0.02134EPSS
CVE
CVE
added 2023/10/23 6:50 a.m.1505 views

CVE-2023-45802

CVE-2023-45802 describes a memory‑leak condition in HTTP/2 handling: when a client resets a stream, memory deallocation is deferred until connection close, allowing a connection to accumulate memory usage over time. Astra Linux security notes reproduce the issue description and cite a fix in Apac...

5.9CVSS8.3AI score0.03024EPSS
In wild
CVE
CVE
added 2023/10/23 6:51 a.m.1481 views

CVE-2023-31122

CVE-2023-31122 is an out-of-bounds read vulnerability in Apache HTTP Server’s mod_macro affecting versions up to 2.4.57. Connected advisories (Debian, AlmaLinux, Amazon Linux, CIRCL sighting) confirm multiple distro advisories have issued patches and upgrades (e.g., Debian 2.4.59 fixes; AlmaLinux...

7.5CVSS7.8AI score0.02978EPSS
CVE
CVE
added 2023/10/23 6:50 a.m.687 views

CVE-2023-43622

CVE-2023-43622 affects Apache HTTP Server via the mod_http2 implementation. An attacker opening an HTTP/2 connection with an initial window size of 0 could block handling of that connection indefinitely, potentially exhausting server worker resources in a pattern similar to the slow loris attack....

7.5CVSS7.5AI score0.70595EPSS