CVSS: 9.8EPSS: 17%CPEs: 8EXPL: 0CVE-2022-23943 – mod_sed: Read/write beyond bounds
https://notcve.org/view.php?id=CVE-2022-23943
14 Mar 2022 — Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. Una vulnerabilidad de escritura fuera de límites en mod_sed de Apache HTTP Server permite a un atacante sobrescribir la memoria de la pila con datos posiblemente proporcionados por el atacante. Este problema afecta a Apache HTTP Server 2.4 versiones 2.4.52 y anteriores An out-of-bounds... • http://www.openwall.com/lists/oss-security/2022/03/14/1 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 0%CPEs: 24EXPL: 0CVE-2022-22721 – core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
https://notcve.org/view.php?id=CVE-2022-22721
14 Mar 2022 — If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. Si LimitXMLRequestBody está configurado para permitir cuerpos de petición de más de 350 MB (por defecto 1M) en sistemas de 32 bits, es producido un desbordamiento de enteros que causa posteriormente escrituras fuera de límites. Este problema afecta a Apache HTTP Server 2.4.52 y... • http://seclists.org/fulldisclosure/2022/May/33 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 1CVE-2022-22720 – HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier
https://notcve.org/view.php?id=CVE-2022-22720
14 Mar 2022 — Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling Apache HTTP Server versiones 2.4.52 y anteriores, no cierran la conexión entrante cuando son encontrados errores descartando el cuerpo de la petición, exponiendo al servidor al contrabando de peticiones HTTP A flaw was found in httpd. The inbound connection is not closed when it fails to discard the request body, which may expose the s... • https://github.com/Benasin/CVE-2022-22720 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 10%CPEs: 24EXPL: 0CVE-2022-22719 – mod_lua Use of uninitialized value of in r:parsebody
https://notcve.org/view.php?id=CVE-2022-22719
14 Mar 2022 — A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. Un cuerpo de petición cuidadosamente diseñado puede causar una lectura en una zona de memoria aleatoria que podría causar al proceso un bloqueo. Este problema afecta al servidor HTTP Apache versiones 2.4.52 y anteriores A flaw was found in the mod_lua module of httpd. A crafted request body can cause a read to a random memory area due to ... • http://seclists.org/fulldisclosure/2022/May/33 • CWE-665: Improper Initialization CWE-908: Use of Uninitialized Resource •
CVSS: 8.2EPSS: 56%CPEs: 37EXPL: 0CVE-2021-44224 – Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier
https://notcve.org/view.php?id=CVE-2021-44224
20 Dec 2021 — A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). Un URI diseñado que es enviado a httpd configurado como proxy directo (ProxyRequests on) puede causar un fallo (desreferencia de puntero NUL... • http://httpd.apache.org/security/vulnerabilities_24.html • CWE-476: NULL Pointer Dereference CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 16%CPEs: 35EXPL: 3CVE-2021-44790 – Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier
https://notcve.org/view.php?id=CVE-2021-44790
20 Dec 2021 — A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. Un cuerpo de petición cuidadosamente diseñado puede causar un desbordamiento de búfer en el analizador multiparte mod_lua (r:parsebody() llamado desde scripts Lua). El equipo de Apache httpd no presenta const... • https://packetstorm.news/files/id/171631 • CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 96%CPEs: 26EXPL: 11CVE-2021-40438 – Apache HTTP Server-Side Request Forgery (SSRF)
https://notcve.org/view.php?id=CVE-2021-40438
16 Sep 2021 — A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. Un uri-path diseñado puede causar que mod_proxy reenvíe la petición a un servidor de origen elegido por el usuario remoto. Este problema afecta a Apache HTTP Server versiones 2.4.48 y anteriores A Server-Side Request Forgery (SSRF) flaw was found in mod_proxy of httpd. This flaw allows a remote, unauthenticated attacker to make the ht... • https://github.com/sixpacksecurity/CVE-2021-40438 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 0CVE-2021-39275 – ap_escape_quotes buffer overflow
https://notcve.org/view.php?id=CVE-2021-39275
16 Sep 2021 — ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. la función ap_escape_quotes() puede escribir más allá del final de un buffer cuando se le da una entrada maliciosa. Ningún módulo incluido pasa datos no confiables a estas funciones, pero los módulos externos o de terceros pueden hacerlo. Este problema afecta a Apache H... • https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2021-36160 – mod_proxy_uwsgi out of bound read
https://notcve.org/view.php?id=CVE-2021-36160
16 Sep 2021 — A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). Una uri-path de petición cuidadosamente diseñada puede causar que la función mod_proxy_uwsgi lea por encima de la memoria asignada y se bloquee (DoS). Este problema afecta a Apache HTTP Server versiones 2.4.30 a 2.4.48 (incluyéndola) An out-of-bounds read in mod_proxy_uwsgi of httpd allows a remote unauthenticated atta... • http://httpd.apache.org/security/vulnerabilities_24.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 25EXPL: 0CVE-2021-34798 – NULL pointer dereference in httpd core
https://notcve.org/view.php?id=CVE-2021-34798
16 Sep 2021 — Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. Unas peticiones malformadas pueden causar que el servidor haga desreferencia a un puntero NULL. Este problema afecta a Apache HTTP Server versiones 2.4.48 y anteriores A NULL pointer dereference in httpd allows an unauthenticated remote attacker to crash httpd by providing malformed HTTP requests. The highest threat from this vulnerability is to system availability. • http://httpd.apache.org/security/vulnerabilities_24.html • CWE-476: NULL Pointer Dereference •