78 results (0.024 seconds)

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 2

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion. Los encabezados entrantes HTTP/2 que exceden el límite se almacenan temporalmente en nghttp2 para generar una respuesta HTTP 413 informativa. Si un cliente no deja de enviar encabezados, esto provoca que se agote la memoria. A vulnerability was found in how Apache httpd implements the HTTP/2 protocol. • https://github.com/lockness-Ko/CVE-2024-27316 https://github.com/aeyesec/CVE-2024-27316_poc http://www.openwall.com/lists/oss-security/2024/04/04/4 https://httpd.apache.org/security/vulnerabilities_24.html https://www.openwall.com/lists/oss-security/2024/04/03/16 https://support.apple.com/kb/HT214119 http://seclists.org/fulldisclosure/2024/Jul/18 https://access.redhat.com/security/cve/CVE-2024-27316 https://bugzilla.redhat.com/show_bug.cgi?id=2268277 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0

Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. Vulnerabilidad de lectura fuera de límites en mod_macro del servidor Apache HTTP. Este problema afecta al servidor Apache HTTP: hasta 2.4.57. A flaw was found in the mod_macro module of httpd. When processing a very long macro, the null byte terminator will not be added, leading to an out-of-bounds read, resulting in a crash. • https://httpd.apache.org/security/vulnerabilities_24.html https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW https://security.netapp.com/advisory/ntap-20231027&# • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that. This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability to hit this bug is very low. • https://httpd.apache.org/security/vulnerabilities_24.html https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX https://security.netapp.com/advisory/ntap-20231027&# • CWE-400: Uncontrolled Resource Consumption CWE-404: Improper Resource Shutdown or Release •

CVSS: 7.5EPSS: 83%CPEs: 444EXPL: 7

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. • https://github.com/imabee101/CVE-2023-44487 https://github.com/studiogangster/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/sigridou/CVE-2023-44487- https://github.com/ByteHackr/CVE-2023-44487 https://github.com/ReToCode/golang-CVE-2023-44487 http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www. • CWE-400: Uncontrolled Resource Consumption •

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 2

Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like: RewriteEngine on RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P] ProxyPassReverse /here/ http://example.com:8080/ Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server. A vulnerability was found in httpd. • https://github.com/dhmosfunk/CVE-2023-25690-POC https://github.com/thanhlam-attt/CVE-2023-25690 http://packetstormsecurity.com/files/176334/Apache-2.4.55-mod_proxy-HTTP-Request-Smuggling.html https://httpd.apache.org/security/vulnerabilities_24.html https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html https://security.gentoo.org/glsa/202309-01 https://access.redhat.com/security/cve/CVE-2023-25690 https://bugzilla.redhat.com/show_bug.cgi?id=2176209 • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •