Page 3 of 296 results (0.009 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. A flaw was found in the mod_dav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service. • https://github.com/Saksham2002/CVE-2006-20001 https://httpd.apache.org/security/vulnerabilities_24.html https://security.gentoo.org/glsa/202309-01 https://access.redhat.com/security/cve/CVE-2006-20001 https://bugzilla.redhat.com/show_bug.cgi?id=2161774 • CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application. Apache HTTP Server versiones 2.4.53 y anteriores, no envían los encabezados X-Forwarded-* al servidor de origen basándose en el mecanismo hop-by-hop del encabezado de conexión del lado del cliente. Esto puede usarse para evitar la autenticación basada en la IP en el servidor de origen/aplicación A flaw was found in the mod_proxy module of httpd. The server may remove the X-Forwarded-* headers from a request based on the client-side Connection header hop-by-hop mechanism. • http://www.openwall.com/lists/oss-security/2022/06/08/8 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND https://security.gentoo.org/glsa/202208-20 https://security.netapp.com/advisory/ntap-20220624-0005 https://access.redhat.com/security/cve/CVE-2022-31813 ht • CWE-345: Insufficient Verification of Data Authenticity CWE-348: Use of Less Trusted Source •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. Apache HTTP Server versiones 2.4.53 y anteriores, pueden devolver longitudes a las aplicaciones que llaman a r:wsread() que apuntan más allá del final del almacenamiento asignado para el buffer A flaw was found in the mod_lua module of httpd. The data returned by the wsread function may point past the end of the storage allocated for the buffer, resulting in information disclosure. • http://www.openwall.com/lists/oss-security/2022/06/08/7 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND https://security.gentoo.org/glsa/202208-20 https://security.netapp.com/advisory/ntap-20220624-0005 https://access.redhat.com/security/cve/CVE-2022-30556 ht • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 28%CPEs: 4EXPL: 0

If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort. Si Apache HTTP Server versión 2.4.53, está configurado para hacer transformaciones con mod_sed en contextos en los que la entrada a mod_sed puede ser muy grande, mod_sed puede hacer asignaciones de memoria excesivamente grandes y provocar un aborto A flaw was found in the mod_sed module of httpd. A very large input to the mod_sed module can result in a denial of service due to excessively large memory allocations. • http://www.openwall.com/lists/oss-security/2022/06/08/6 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND https://security.gentoo.org/glsa/202208-20 https://security.netapp.com/advisory/ntap-20220624-0005 https://access.redhat.com/security/cve/CVE-2022-30522 ht • CWE-770: Allocation of Resources Without Limits or Throttling CWE-789: Memory Allocation with Excessive Size Value •

CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 0

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. En Apache HTTP Server 2.4.53 y anteriores, una petición maliciosa a un script lua que llame a r:parsebody(0) puede causar una denegación de servicio debido a que no presenta un límite por defecto en el tamaño posible de la entrada A flaw was found in the mod_lua module of httpd. A malicious request to a Lua script that calls parsebody(0) can lead to a denial of service due to no default limit on the possible input size. • http://www.openwall.com/lists/oss-security/2022/06/08/5 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND https://security.gentoo.org/glsa/202208-20 https://security.netapp.com/advisory/ntap-20220624-0005 https://access.redhat.com/security/cve/CVE-2022-29404 ht • CWE-770: Allocation of Resources Without Limits or Throttling •