CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38709 – Apache HTTP Server: HTTP response splitting
https://notcve.org/view.php?id=CVE-2023-38709
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58. La validación de entrada defectuosa en el núcleo de Apache permite que generadores de contenido/backend maliciosos o explotables dividan las respuestas HTTP. Este problema afecta al servidor HTTP Apache: hasta 2.4.58. A flaw was found in httpd. The response headers are not sanitized before an HTTP response is sent when a malicious backend can insert a Content-Type, Content-Encoding, or some other headers, resulting in an HTTP response splitting. • http://www.openwall.com/lists/oss-security/2024/04/04/3 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPV • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2006-6675
https://notcve.org/view.php?id=CVE-2006-6675
Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app. Vulnerabilidad de XSS en Novell NetWare 6.5 Support Pack 5 y 6 y Novell Apache en NetWare 2.0.48 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de parámetros no especificados en la aplicación web Welcome. • http://secunia.com/advisories/23406 http://www.securityfocus.com/bid/21678 http://www.vupen.com/english/advisories/2006/5090 https://secure-support.novell.com/KanisaPlatform/Publishing/514/3319127_f.SAL_Public.html •