-
Latest security vulnerabilities Apache Http Server
Mar 7, 2023 | 16:15 pm
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of[…]
Read more...
-
Latest security vulnerabilities Apache Http Server
Jan 17, 2023 | 20:15 pm
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54[…]
Read more...
-
Latest security vulnerabilities Apache Http Server
Jun 9, 2022 | 17:15 pm
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version[…]
Read more...
-
Latest security vulnerabilities Apache Http Server
Mar 14, 2022 | 11:15 am
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVSS:7.5) (Last Update:2022-11-02 13:18:36)
Read more...
-
Latest security vulnerabilities Apache Http Server
Dec 20, 2021 | 12:15 pm
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix[…]
Read more...
-
Latest security vulnerabilities Apache Http Server
Oct 7, 2021 | 16:15 pm
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these[…]
Read more...
-
Latest security vulnerabilities Apache Http Server
Oct 5, 2021 | 09:15 am
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit[…]
Read more...
-
Latest security vulnerabilities Apache Http Server
Sep 16, 2021 | 15:15 pm
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVSS:7.5) (Last Update:2022-10-28 13:34:54)
Read more...
-
Latest security vulnerabilities Apache Http Server
Aug 16, 2021 | 08:15 am
A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48. (CVSS:7.5) (Last Update:2023-03-03 19:15:10)
Read more...
-
Latest security vulnerabilities Apache Http Server
Jun 15, 2021 | 09:15 am
Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent[…]
Read more...