CVSS: 7.8EPSS: 94%CPEs: 444EXPL: 17CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 71%CPEs: 8EXPL: 0CVE-2022-23943 – mod_sed: Read/write beyond bounds
https://notcve.org/view.php?id=CVE-2022-23943
14 Mar 2022 — Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. Una vulnerabilidad de escritura fuera de límites en mod_sed de Apache HTTP Server permite a un atacante sobrescribir la memoria de la pila con datos posiblemente proporcionados por el atacante. Este problema afecta a Apache HTTP Server 2.4 versiones 2.4.52 y anteriores An out-of-bounds... • http://www.openwall.com/lists/oss-security/2022/03/14/1 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 31%CPEs: 24EXPL: 0CVE-2022-22721 – core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
https://notcve.org/view.php?id=CVE-2022-22721
14 Mar 2022 — If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. Si LimitXMLRequestBody está configurado para permitir cuerpos de petición de más de 350 MB (por defecto 1M) en sistemas de 32 bits, es producido un desbordamiento de enteros que causa posteriormente escrituras fuera de límites. Este problema afecta a Apache HTTP Server 2.4.52 y... • http://seclists.org/fulldisclosure/2022/May/33 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 36%CPEs: 24EXPL: 1CVE-2022-22720 – HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier
https://notcve.org/view.php?id=CVE-2022-22720
14 Mar 2022 — Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling Apache HTTP Server versiones 2.4.52 y anteriores, no cierran la conexión entrante cuando son encontrados errores descartando el cuerpo de la petición, exponiendo al servidor al contrabando de peticiones HTTP A flaw was found in httpd. The inbound connection is not closed when it fails to discard the request body, which may expose the s... • https://github.com/Benasin/CVE-2022-22720 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 47%CPEs: 24EXPL: 0CVE-2022-22719 – mod_lua Use of uninitialized value of in r:parsebody
https://notcve.org/view.php?id=CVE-2022-22719
14 Mar 2022 — A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. Un cuerpo de petición cuidadosamente diseñado puede causar una lectura en una zona de memoria aleatoria que podría causar al proceso un bloqueo. Este problema afecta al servidor HTTP Apache versiones 2.4.52 y anteriores A flaw was found in the mod_lua module of httpd. A crafted request body can cause a read to a random memory area due to ... • http://seclists.org/fulldisclosure/2022/May/33 • CWE-665: Improper Initialization CWE-908: Use of Uninitialized Resource •
CVSS: 8.2EPSS: 3%CPEs: 37EXPL: 0CVE-2021-44224 – Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier
https://notcve.org/view.php?id=CVE-2021-44224
20 Dec 2021 — A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). Un URI diseñado que es enviado a httpd configurado como proxy directo (ProxyRequests on) puede causar un fallo (desreferencia de puntero NUL... • http://httpd.apache.org/security/vulnerabilities_24.html • CWE-476: NULL Pointer Dereference CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 79%CPEs: 35EXPL: 3CVE-2021-44790 – Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier
https://notcve.org/view.php?id=CVE-2021-44790
20 Dec 2021 — A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. Un cuerpo de petición cuidadosamente diseñado puede causar un desbordamiento de búfer en el analizador multiparte mod_lua (r:parsebody() llamado desde scripts Lua). El equipo de Apache httpd no presenta const... • https://packetstorm.news/files/id/171631 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 68%CPEs: 2EXPL: 4CVE-2021-42697 – Akka HTTP 10.1.14 - Denial of Service
https://notcve.org/view.php?id=CVE-2021-42697
02 Nov 2021 — Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments. Akka HTTP 10.1.x antes de 10.1.15 y 10.2.x antes de 10.2.7 pueden encontrar agotamiento de la pila mientras analizan las cabeceras HTTP, lo que permite a un atacante remoto llevar a cabo un ataque de denegación de servicio mediante el envío de una cabecera User-Agent... • https://packetstorm.news/files/id/167018 • CWE-674: Uncontrolled Recursion •
CVSS: 9.0EPSS: 94%CPEs: 26EXPL: 11CVE-2021-40438 – Apache HTTP Server-Side Request Forgery (SSRF)
https://notcve.org/view.php?id=CVE-2021-40438
16 Sep 2021 — A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. Un uri-path diseñado puede causar que mod_proxy reenvíe la petición a un servidor de origen elegido por el usuario remoto. Este problema afecta a Apache HTTP Server versiones 2.4.48 y anteriores A Server-Side Request Forgery (SSRF) flaw was found in mod_proxy of httpd. This flaw allows a remote, unauthenticated attacker to make the ht... • https://github.com/sixpacksecurity/CVE-2021-40438 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 40%CPEs: 17EXPL: 0CVE-2021-39275 – ap_escape_quotes buffer overflow
https://notcve.org/view.php?id=CVE-2021-39275
16 Sep 2021 — ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. la función ap_escape_quotes() puede escribir más allá del final de un buffer cuando se le da una entrada maliciosa. Ningún módulo incluido pasa datos no confiables a estas funciones, pero los módulos externos o de terceros pueden hacerlo. Este problema afecta a Apache H... • https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf • CWE-787: Out-of-bounds Write •