
CVE-2023-27522 – Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting
https://notcve.org/view.php?id=CVE-2023-27522
07 Mar 2023 — HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client. An HTTP Response Smuggling vulnerability was found in the Apache HTTP Server via mod_proxy_uwsgi. This security issue occurs when special characters in the origin response header can truncate or split the response forwarded to the client. • https://httpd.apache.org/security/vulnerabilities_24.html • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVE-2018-7490 – uWSGI < 2.0.17 - Directory Traversal
https://notcve.org/view.php?id=CVE-2018-7490
26 Feb 2018 — uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal. Marios Nicolaides discovered that the PHP plugin in uWSGI, a fast, self-healing application container server, does not properly handle a DOCUMENT_ROOT check during use of the --php-docroot option, al... • https://packetstorm.news/files/id/146632 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2018-6758
https://notcve.org/view.php?id=CVE-2018-6758
06 Feb 2018 — The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffer overflow via a large directory length. • http://lists.unbit.it/pipermail/uwsgi/2018-February/008835.html • CWE-787: Out-of-bounds Write