VuXML ID | Description |
f923205f-6e66-11ee-85eb-84a93843eb75 | Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports:
- CVE-2023-45802: Apache HTTP Server: HTTP/2 stream
memory not reclaimed right away on RST
- CVE-2023-43622: Apache HTTP Server: DoS in HTTP/2 with
initial windows size 0
- CVE-2023-31122: mod_macro buffer over-read
Discovery 2023-10-19 Entry 2023-10-19 apache24
< 2.4.58
CVE-2023-45802
CVE-2023-43622
CVE-2023-31122
https://dlcdn.apache.org/httpd/CHANGES_2.4.58
|
cce76eca-ca16-11eb-9b84-d4c9ef517024 | Apache httpd -- Multiple vulnerabilities
The Apache httpd reports:
- moderate: mod_proxy_wstunnel tunneling of non Upgraded
connections (CVE-2019-17567)
- moderate: Improper Handling of Insufficient Privileges
(CVE-2020-13938)
- low: mod_proxy_http NULL pointer dereference
(CVE-2020-13950)
- low: mod_auth_digest possible stack overflow by one nul byte
(CVE-2020-35452)
- low: mod_session NULL pointer dereference (CVE-2021-26690)
- low: mod_session response handling heap overflow (CVE-2021-26691)
- moderate: Unexpected URL matching with 'MergeSlashes OFF'
(CVE-2021-30641)
- important: NULL pointer dereference on specially crafted HTTP/2
request (CVE-2021-31618)
Discovery 2021-06-09 Entry 2021-06-10 apache24
< 2.4.48
CVE-2019-17567
CVE-2020-13938
CVE-2020-13950
CVE-2020-35452
CVE-2021-26690
CVE-2021-26691
CVE-2021-30641
CVE-2021-31618
https://httpd.apache.org/security/vulnerabilities_24.html
|
882a38f9-17dd-11ec-b335-d4c9ef517024 | Apache httpd -- multiple vulnerabilities
The Apache project reports:
- moderate: Request splitting via HTTP/2 method injection and
mod_proxy (CVE-2021-33193)
- moderate: NULL pointer dereference in httpd core
(CVE-2021-34798)
- moderate: mod_proxy_uwsgi out of bound read (CVE-2021-36160)
- low: ap_escape_quotes buffer overflow (CVE-2021-39275)
- high: mod_proxy SSRF (CVE-2021-40438)
Discovery 2021-09-16 Entry 2021-09-17 Modified 2021-09-28 apache24
< 2.4.49
CVE-2021-33193
CVE-2021-34798
CVE-2021-36160
CVE-2021-39275
CVE-2021-40438
http://httpd.apache.org/security/vulnerabilities_24.html
|
caf545f2-c0d9-11e9-9051-4c72b94353b5 | Apache -- Multiple vulnerabilities
SO-AND-SO reports:
SECURITY: CVE-2019-10081
mod_http2: HTTP/2 very early pushes, for example configured with "H2PushResource",
could lead to an overwrite of memory in the pushing request's pool,
leading to crashes. The memory copied is that of the configured push
link header values, not data supplied by the client.
SECURITY: CVE-2019-9517
mod_http2: a malicious client could perform a DoS attack by flooding
a connection with requests and basically never reading responses
on the TCP connection. Depending on h2 worker dimensioning, it was
possible to block those with relatively few connections.
SECURITY: CVE-2019-10098
rewrite, core: Set PCRE_DOTALL flag by default to avoid unpredictable
matches and substitutions with encoded line break characters.
SECURITY: CVE-2019-10092
Remove HTML-escaped URLs from canned error responses to prevent misleading
text/links being displayed via crafted links.
SECURITY: CVE-2019-10097
mod_remoteip: Fix stack buffer overflow and NULL pointer deference
when reading the PROXY protocol header.
CVE-2019-10082
mod_http2: Using fuzzed network input, the http/2 session
handling could be made to read memory after being freed,
during connection shutdown.
Discovery 2019-08-14 Entry 2019-08-17 apache24
< 2.4.41
http://www.apache.org/dist/httpd/CHANGES_2.4
CVE-2019-10081
CVE-2019-9517
CVE-2019-10098
CVE-2019-10092
CVE-2019-10082
|
8edeb3c1-bfe7-11ed-96f5-3497f65b111b | Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports:
- CVE-2023-27522: Apache HTTP Server: mod_proxy_uwsgi
HTTP response splitting (cve.mitre.org).
HTTP Response Smuggling vulnerability in Apache HTTP Server
via mod_proxy_uwsgi. This issue affects Apache HTTP Server:
from 2.4.30 through 2.4.55.
Special characters in the origin response header can
truncate/split the response forwarded to the client.
- CVE-2023-25690: HTTP request splitting with mod_rewrite
and mod_proxy (cve.mitre.org).
Some mod_proxy configurations on Apache HTTP Server versions
2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.
Configurations are affected when mod_proxy is enabled along
with some form of RewriteRule or ProxyPassMatch in which a
non-specific pattern matches some portion of the user-supplied
request-target (URL) data and is then re-inserted into the
proxied request-target using variable substitution.
Discovery 2023-03-08 Entry 2023-03-11 apache24
< 2.4.56
CVE-2023-25690
CVE-2023-27522
https://downloads.apache.org/httpd/CHANGES_2.4.56
|
8b1a50ab-8a8e-11e8-add2-b499baebfeaf | Apache httpd -- multiple vulnerabilities
The Apache project reports:
- DoS for HTTP/2 connections by crafted requests
(CVE-2018-1333). By specially crafting HTTP/2 requests, workers
would be allocated 60 seconds longer than necessary, leading to
worker exhaustion and a denial of service. (low)
- mod_md, DoS via Coredumps on specially crafted requests
(CVE-2018-8011). By specially crafting HTTP requests, the mod_md
challenge handler would dereference a NULL pointer and cause the
child process to segfault. This could be used to DoS the server.
(moderate)
Discovery 2018-07-18 Entry 2018-07-18 apache24
< 2.4.34
http://httpd.apache.org/security/vulnerabilities_24.html
CVE-2018-1333
CVE-2018-8011
|
6601c08d-a46c-11ec-8be6-d4c9ef517024 | Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports:
mod_lua: Use of uninitialized value of in r:parsebody (moderate)
(CVE-2022-22719) A carefully crafted request body can cause a
read to a random memory area which could cause the process to crash.
HTTP request smuggling vulnerability (important) (CVE-2022-22720)
httpd fails to close inbound connection when errors are
encountered discarding the request body, exposing the server to HTTP
Request Smuggling
core: Possible buffer overflow with very large or unlimited
LimitXMLRequestBody (low) (CVE-2022-22721) If LimitXMLRequestBody
is set to allow request bodies larger than 350MB (defaults to 1M) on 32
bit systems an integer overflow happens which later causes out of
bounds writes.
mod_sed: Read/write beyond bounds (important) (CVE-2022-23924)
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server
allows an attacker to overwrite heap memory with possibly attacker
provided data.
Discovery 2022-03-14 Entry 2022-03-15 apache24
< 2.4.53
CVE-2022-22719
CVE-2022-22720
CVE-2022-22721
CVE-2022-23943
https://httpd.apache.org/security/vulnerabilities_24.html
|
49adfbe5-e7d1-11ec-8fbd-d4c9ef517024 | Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports:
- CVE-2022-31813: mod_proxy X-Forwarded-For dropped by hop-by-hop
mechanism. Apache HTTP Server 2.4.53 and earlier may not send the
X-Forwarded-* headers to the origin server based on client side
Connection header hop-by-hop mechanism. This may be used to bypass
IP based authentication on the origin server/application.
- CVE-2022-30556: Information Disclosure in mod_lua with websockets.
Apache HTTP Server 2.4.53 and earlier may return lengths to
applications calling r:wsread() that point past the end of the
storage allocated for the buffer.
- CVE-2022-30522: mod_sed denial of service. If Apache HTTP Server
2.4.53 is configured to do transformations with mod_sed in contexts
where the input to mod_sed may be very large, mod_sed may make
excessively large memory allocations and trigger an abort.
- CVE-2022-29404: Denial of service in mod_lua r:parsebody. In Apache
HTTP Server 2.4.53 and earlier, a malicious request to a lua script
that calls r:parsebody(0) may cause a denial of service due to no
default limit on possible input size.
- CVE-2022-28615: Read beyond bounds in ap_strcmp_match(). Apache
HTTP Server 2.4.53 and earlier may crash or disclose information due
to a read beyond bounds in ap_strcmp_match() when provided with an
extremely large input buffer. While no code distributed with the
server can be coerced into such a call, third-party modules or lua
scripts that use ap_strcmp_match() may hypothetically be affected.
- CVE-2022-28614: read beyond bounds via ap_rwrite(). The ap_rwrite()
function in Apache HTTP Server 2.4.53 and earlier may read unintended
memory if an attacker can cause the server to reflect very large
input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts()
function.
- CVE-2022-28330: read beyond bounds in mod_isapi. Apache HTTP Server
2.4.53 and earlier on Windows may read beyond bounds when configured
to process requests with the mod_isapi module.
- CVE-2022-26377: mod_proxy_ajp: Possible request smuggling.
Inconsistent Interpretation of HTTP Requests ('HTTP Request
Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server
allows an attacker to smuggle requests to the AJP server it forwards
requests to.
Discovery 2022-06-08 Entry 2022-06-09 Modified 2022-06-10 apache24
< 2.4.54
CVE-2022-31813
CVE-2022-30556
CVE-2022-30522
CVE-2022-29404
CVE-2022-28615
CVE-2022-28614
CVE-2022-28330
CVE-2022-26377
http://downloads.apache.org/httpd/CHANGES_2.4.54
|
cf2105c6-551b-11e9-b95c-b499baebfeaf | Apache -- Multiple vulnerabilities
The Apache httpd Project reports:
Apache HTTP Server privilege escalation from modules' scripts
(CVE-2019-0211) (important)
mod_auth_digest access control bypass (CVE-2019-0217)
(important)
mod_ssl access control bypass (CVE-2019-0215) (important)
mod_http2, possible crash on late upgrade (CVE-2019-0197) (low)
mod_http2, read-after-free on a string compare (CVE-2019-0196)
(low)
Apache httpd URL normalization inconsistincy (CVE-2019-0220)
(low)
Discovery 2019-04-01 Entry 2019-04-02 apache24
< 2.4.39
https://www.apache.org/dist/httpd/CHANGES_2.4.39
https://httpd.apache.org/security/vulnerabilities_24.html
CVE-2019-0211
CVE-2019-0217
CVE-2019-0215
CVE-2019-0196
CVE-2019-0220
|
76700d2f-d959-11ea-b53c-d4c9ef517024 | Apache httpd -- Multiple vulnerabilities
The Apache httpd projec reports:
- mod_http2: Important: Push Diary Crash on Specifically
Crafted HTTP/2 Header (CVE-2020-9490)
A specially crafted value for the 'Cache-Digest' header in a HTTP/2
request would result in a crash when the server actually tries to
HTTP/2 PUSH a resource afterwards.
- mod_proxy_uwsgi: Moderate: mod_proxy_uwsgi buffer overflow
(CVE-2020-11984)
info disclosure and possible RCE
- mod_http2: Moderate: Push Diary Crash on Specifically Crafted
HTTP/2 Header (CVE-2020-11993)
When trace/debug was enabled for the HTTP/2 module and on certain
traffic edge patterns, logging statements were made on the wrong
connection, causing concurrent use of memory pools.
Discovery 2020-08-07 Entry 2020-08-08 Modified 2020-08-08 apache24
< 2.4.46
mod_http2
< 1.15.14
https://downloads.apache.org/httpd/CHANGES_2.4.46
https://httpd.apache.org/security/vulnerabilities_24.html
CVE-2020-9490
CVE-2020-11984
CVE-2020-11993
|
ca982e2d-61a9-11ec-8be6-d4c9ef517024 | Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports:
moderate: Possible NULL dereference or SSRF in forward proxy
configurations in Apache HTTP Server 2.4.51 and earlier (CVE-2021-44224)
A crafted URI sent to httpd configured as a forward proxy
(ProxyRequests on) can cause a crash (NULL pointer dereference) or, for
configurations mixing forward and reverse proxy declarations, can allow
for requests to be directed to a declared Unix Domain Socket endpoint
(Server Side Request Forgery).
high: Possible buffer overflow when parsing multipart content in
mod_lua of Apache HTTP Server 2.4.51 and earlier (CVE-2021-44790) A
carefully crafted request body can cause a buffer overflow in the
mod_lua multipart parser (r:parsebody() called from Lua scripts).
Discovery 2021-12-20 Entry 2021-12-20 apache24
< 2.4.52
CVE-2021-44224
CVE-2021-44790
https://httpd.apache.org/security/vulnerabilities_24.html
|
00919005-96a3-11ed-86e9-d4c9ef517024 | Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports:
mod_dav out of bounds read, or write of zero byte (CVE-2006-20001)
(moderate)
mod_proxy_ajp Possible request smuggling (CVE-2022-36760) (moderate)
mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response
splitting (CVE-2022-37436) (moderate)
Discovery 2023-01-17 Entry 2023-01-17 apache24
< 2.4.55
CVE-2022-37436
CVE-2022-36760
CVE-2006-20001
https://downloads.apache.org/httpd/CHANGES_2.4.55
|
f38187e7-2f6e-11e8-8f07-b499baebfeaf | apache -- multiple vulnerabilities
The Apache httpd reports:
Out of bound write in mod_authnz_ldap with AuthLDAPCharsetConfig
enabled (CVE-2017-15710)
mod_session: CGI-like applications that intend to read from
mod_session's 'SessionEnv ON' could be fooled into reading
user-supplied data instead. (CVE-2018-1283)
mod_cache_socache: Fix request headers parsing to avoid a possible
crash with specially crafted input data. (CVE-2018-1303)
core: Possible crash with excessively long HTTP request headers.
Impractical to exploit with a production build and production
LogLevel. (CVE-2018-1301)
core: Configure the regular expression engine to match '$' to the
end of the input string only, excluding matching the end of any
embedded newline characters. Behavior can be changed with new
directive 'RegexDefaultOptions'. (CVE-2017-15715)
mod_auth_digest: Fix generation of nonce values to prevent replay
attacks across servers using a common Digest domain. This change
may cause problems if used with round robin load balancers.
(CVE-2018-1312)
mod_http2: Potential crash w/ mod_http2. (CVE-2018-1302)
Discovery 2018-03-23 Entry 2018-03-24 Modified 2018-03-27 apache24
< 2.4.30
apache22
< 2.2.34_5
https://www.apache.org/dist/httpd/CHANGES_2.4.33
CVE-2017-15710
CVE-2018-1283
CVE-2018-1303
CVE-2018-1301
CVE-2017-15715
CVE-2018-1312
CVE-2018-1302
|
eb888ce5-1f19-11e9-be05-4c72b94353b5 | Apache -- vulnerability
The Apache httpd Project reports:
SECURITY: CVE-2018-17199
mod_session: mod_session_cookie does not respect expiry time allowing
sessions to be reused.
SECURITY: CVE-2019-0190
mod_ssl: Fix infinite loop triggered by a client-initiated
renegotiation in TLSv1.2 (or earlier) with OpenSSL 1.1.1 and
later. PR 63052.
SECURITY: CVE-2018-17189
mod_http2: fixes a DoS attack vector. By sending slow request bodies
to resources not consuming them, httpd cleanup code occupies a server
thread unnecessarily. This was changed to an immediate stream reset
which discards all stream state and incoming data.
Discovery 2019-01-22 Entry 2019-01-23 apache24
< 2.4.38
http://www.apache.org/dist/httpd/CHANGES_2.4.38
http://httpd.apache.org/security/vulnerabilities_24.html
CVE-2018-17199
CVE-2018-17189
CVE-2019-0190
|
e182c076-c189-11e8-a6d2-b499baebfeaf | Apache -- Denial of service vulnerability in HTTP/2
The Apache httpd project reports:
low: DoS for HTTP/2 connections by continuous SETTINGS
By sending continous SETTINGS frames of maximum size an ongoing
HTTP/2 connection could be kept busy and would never time out. This
can be abused for a DoS on the server. This only affect a server
that has enabled the h2 protocol.
Discovery 2018-09-25 Entry 2018-09-26 apache24
< 2.4.35
http://httpd.apache.org/security/vulnerabilities_24.html
CVE-2018-11763
|
b360b120-74b1-11ea-a84a-4c72b94353b5 | Apache -- Multiple vulnerabilities
Apache Team reports:
SECURITY: CVE-2020-1934
mod_proxy_ftp: Use of uninitialized value with malicious backend FTP
server.
SECURITY: CVE-2020-1927
rewrite, core: Set PCRE_DOTALL flag by default to avoid unpredictable
matches and substitutions with encoded line break characters.
The fix for CVE-2019-10098 was not effective.
Discovery 2020-04-01 Entry 2020-04-02 apache24
< 2.4.43
https://downloads.apache.org/httpd/CHANGES_2.4.43
CVE-2020-1934
CVE-2020-1927
|