CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-32792 – XSS vulnerability when using OIDCPreservePost On in mod_auth_openidc
https://notcve.org/view.php?id=CVE-2021-32792
26 Jul 2021 — mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`. mod_auth_openidc es un módulo de autenticación/autorización para el servidor HTTP Apache versión 2.x que funciona como OpenID Connect Relying Party, autenticando a usuarios contra un proveedor de OpenID Co... • https://github.com/zmartzone/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-32785 – Format string bug in the Redis cache implementation
https://notcve.org/view.php?id=CVE-2021-32785
22 Jul 2021 — mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache (`OIDCCacheEncrypt off`, `OIDCSessionType server-cache`, `OIDCCacheType redis`), `mod_auth_openidc` wrongly performed argument interpolation before passing Redis requests to `hiredis`, which would perform it again and l... • https://github.com/zmartzone/mod_auth_openidc/commit/dc672688dc1f2db7df8ad4abebc367116017a449 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 1CVE-2021-32786 – Open Redirect in oidc_validate_redirect_url()
https://notcve.org/view.php?id=CVE-2021-32786
22 Jul 2021 — mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, `oidc_validate_redirect_url()` does not parse URLs the same way as most browsers do. As a result, this function can be bypassed and leads to an Open Redirect vulnerability in the logout functionality. This bug has been fixed in version 2.4.9 by replacing any backslash of the URL to red... • https://daniel.haxx.se/blog/2017/01/30/one-url-standard-please • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 12%CPEs: 11EXPL: 0CVE-2021-31618 – NULL pointer dereference on specially crafted HTTP/2 request
https://notcve.org/view.php?id=CVE-2021-31618
15 Jun 2021 — Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL po... • http://httpd.apache.org/security/vulnerabilities_24.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2019-15600
https://notcve.org/view.php?id=CVE-2019-15600
18 Dec 2019 — A Path traversal exists in http_server which allows an attacker to read arbitrary system files. Se presenta un Salto de Ruta en http_server que permite a un atacante leer archivos arbitrarios del sistema. • https://hackerone.com/reports/692262 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 78%CPEs: 41EXPL: 0CVE-2016-4975 – mod_userdir CRLF injection
https://notcve.org/view.php?id=CVE-2016-4975
14 Aug 2018 — Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31). Posible inyección CRLF que permite ataques de separación de respuesta HTTP para los sitios que emplean mod_userdir. • http://www.securityfocus.com/bid/105093 • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVSS: 5.9EPSS: 6%CPEs: 18EXPL: 0CVE-2018-1301 – httpd: Out of bounds access after failure in reading the HTTP request
https://notcve.org/view.php?id=CVE-2018-1301
26 Mar 2018 — A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage. Una petición especialmente manipulada podría haber provocado el cierre inesperado del servidor Apache HTTP en versiones anteriores a la 2.4.30, debido a u... • http://www.openwall.com/lists/oss-security/2018/03/24/2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 9%CPEs: 6EXPL: 0CVE-2018-1302 – httpd: Use-after-free on HTTP/2 stream shutdown
https://notcve.org/view.php?id=CVE-2018-1302
26 Mar 2018 — When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk. Cuando un flujo de datos o stream HTTP/2 se destruye después de haber sido manipulado, el servidor Apache HTTP en versiones... • http://www.openwall.com/lists/oss-security/2018/03/24/5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 31%CPEs: 11EXPL: 0CVE-2018-1303 – httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS
https://notcve.org/view.php?id=CVE-2018-1303
26 Mar 2018 — A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability. Una cabecera HTTP especialmente manipulada podría haber provocado el cierre inesperado del servidor ... • http://www.openwall.com/lists/oss-security/2018/03/24/3 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 0CVE-2017-12171 – httpd: # character matches all IPs
https://notcve.org/view.php?id=CVE-2017-12171
19 Oct 2017 — A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource. Se ha detectado una regresión en la versión 6.9 de Red Hat Enterprise Linux de httpd 2.2.15-60, provocando que los comentarios en las líneas de configuración "Allow" y "Deny" se analicen incorrectamente. Un administrador web podría permiti... • http://www.securityfocus.com/bid/101516 • CWE-20: Improper Input Validation CWE-284: Improper Access Control •