Page 6 of 70 results (0.006 seconds)

CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0

CVE-2021-34798 – NULL pointer dereference in httpd core

https://notcve.org/view.php?id=CVE-2021-34798

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. Unas peticiones malformadas pueden causar que el servidor haga desreferencia a un puntero NULL. Este problema afecta a Apache HTTP Server versiones 2.4.48 y anteriores A NULL pointer dereference in httpd allows an unauthenticated remote attacker to crash httpd by providing malformed HTTP requests. The highest threat from this vulnerability is to system availability. • http://httpd.apache.org/security/vulnerabilities_24.html https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf https://kc.mcafee.com/corporate/index?page=content&id=SB10379 https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E • CWE-476: NULL Pointer Dereference •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1

CVE-2021-33193 – Request splitting via HTTP/2 method injection and mod_proxy

https://notcve.org/view.php?id=CVE-2021-33193

A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48. Un método diseñado enviado mediante HTTP/2 omitirá la comprobación y será reenviado por mod_proxy, lo que puede conllevar a la división de peticiones o el envenenamiento de la caché. Este problema afecta a Apache HTTP Server versiones 2.4.17 a 2.4.48. A NULL pointer dereference was found in Apache httpd mod_h2. • https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c.patch https://lists.apache.org/thread.html/re4162adc051c1a0a79e7a24093f3776373e8733abaff57253fef341d%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/ree7519d71415ecdd170ff1889cab552d71758d2ba2904a17ded21a70%40%3Ccvs.httpd.apache.org%3E https://lists.debian.org/debian-lts-announce/2023/03/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DSM6UWQICBJ2TU727RENU3HBKEAFLT6T https://lists.fedoraproject.org/archives&#x • CWE-476: NULL Pointer Dereference •

CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0

CVE-2021-32791 – Hardcoded static IV and AAD with a reused key in AES GCM encryption in mod_auth_openidc

https://notcve.org/view.php?id=CVE-2021-32791

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openidc uses a static IV and AAD. It is important to fix because this creates a static nonce and since aes-gcm is a stream cipher, this can lead to known cryptographic issues, since the same key is being reused. From 2.4.9 onwards this has been patched to use dynamic values through usage of cjose AES encryption routines. mod_auth_openidc es un módulo de autenticación/autorización para el servidor HTTP Apache versión 2.x que funciona como OpenID Connect Relying Party, autenticando a usuarios contra un OpenID Connect Provider. En mod_auth_openidc versiones anteriores a 2.4.9, el cifrado AES GCM en mod_auth_openidc usa un IV estático y un AAD. • https://github.com/zmartzone/mod_auth_openidc/commit/375407c16c61a70b56fdbe13b0d2c8f11398e92c https://github.com/zmartzone/mod_auth_openidc/releases/tag/v2.4.9 https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-px3c-6x7j-3r9r https://lists.debian.org/debian-lts-announce/2023/04/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZVF6BSJLRQZ7PFFR4X5JSU6KUJYNOCU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/messa • CWE-323: Reusing a Nonce, Key Pair in Encryption CWE-330: Use of Insufficiently Random Values •

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0

CVE-2021-32792 – XSS vulnerability when using OIDCPreservePost On in mod_auth_openidc

https://notcve.org/view.php?id=CVE-2021-32792

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`. mod_auth_openidc es un módulo de autenticación/autorización para el servidor HTTP Apache versión 2.x que funciona como OpenID Connect Relying Party, autenticando a usuarios contra un proveedor de OpenID Connect. En mod_auth_openidc versiones anteriores a 2.4.9, se presenta una vulnerabilidad de tipo XSS cuando se usa el parámetro "OIDCPreservePost On" A flaw was found in mod_auth_openidc. When mod_auth_openidc is configured with `OIDCPreservePost On` it is possible to trigger a cross site scripting(XSS) vulnerability that could be used by a remote attacker to execute code on the browser of the victim user. The highest threat from this flaw is to data confidentiality and integrity. • https://github.com/zmartzone/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751 https://github.com/zmartzone/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56 https://github.com/zmartzone/mod_auth_openidc/releases/tag/v2.4.9 https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j https://lists.debian.org/debian-lts-announce/2023/04/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZVF6BSJLRQZ7PFFR4X5JSU6KUJYNOCU https • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2021-32785 – Format string bug in the Redis cache implementation

https://notcve.org/view.php?id=CVE-2021-32785

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache (`OIDCCacheEncrypt off`, `OIDCSessionType server-cache`, `OIDCCacheType redis`), `mod_auth_openidc` wrongly performed argument interpolation before passing Redis requests to `hiredis`, which would perform it again and lead to an uncontrolled format string bug. Initial assessment shows that this bug does not appear to allow gaining arbitrary code execution, but can reliably provoke a denial of service by repeatedly crashing the Apache workers. This bug has been corrected in version 2.4.9 by performing argument interpolation only once, using the `hiredis` API. As a workaround, this vulnerability can be mitigated by setting `OIDCCacheEncrypt` to `on`, as cache keys are cryptographically hashed before use when this option is enabled. mod_auth_openidc es un módulo de autenticación/autorización para el servidor HTTP Apache versión 2.x que funciona como OpenID Connect Relying Party, autenticando a usuarios contra un OpenID Connect Provider. • https://github.com/zmartzone/mod_auth_openidc/commit/dc672688dc1f2db7df8ad4abebc367116017a449 https://github.com/zmartzone/mod_auth_openidc/releases/tag/v2.4.9 https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-55r8-6w97-xxr4 https://lists.debian.org/debian-lts-announce/2023/04/msg00034.html https://security.netapp.com/advisory/ntap-20210902-0001 https://www.oracle.com/security-alerts/cpuapr2022.html • CWE-134: Use of Externally-Controlled Format String •