-
Latest security vulnerabilities Apache Http Server
Aug 16, 2021 | 00:00 am
A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48. (CVSS:5.0) (Last Update:2021-09-20)
Read more...
-
Latest security vulnerabilities Apache Http Server
Jun 15, 2021 | 00:00 am
Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent[…]
Read more...
-
Latest security vulnerabilities Apache Http Server
Jun 10, 2021 | 00:00 am
Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with[…]
Read more...
-
Latest security vulnerabilities Apache Http Server
Aug 7, 2020 | 00:00 am
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via[…]
Read more...
-
Latest security vulnerabilities Apache Http Server
Apr 2, 2020 | 00:00 am
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. (CVSS:5.8) (Last Update:2021-07-09)
Read more...
-
Latest security vulnerabilities Apache Http Server
Apr 1, 2020 | 00:00 am
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. (CVSS:5.0) (Last Update:2021-07-09)
Read more...
-
Latest security vulnerabilities Apache Http Server
Sep 26, 2019 | 00:00 am
In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. (CVSS:6.4) (Last Update:2021-06-06)
Read more...
-
Latest security vulnerabilities Apache Http Server
Sep 25, 2019 | 00:00 am
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. (CVSS:5.8) (Last Update:2021-06-14)
Read more...
-
Latest security vulnerabilities Apache Http Server
Aug 15, 2019 | 00:00 am
HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not[…]
Read more...
-
Latest security vulnerabilities Apache Http Server
Jun 11, 2019 | 00:00 am
A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the[…]
Read more...
Jedesmal, wenn mit eingeschaltetem AdBlocker eine Webseite besucht wird, stirbt in einem Labor ein unschuldiges, niedliches Kaninchen einen grausamen Tod! Zusätzlich werden einige Funktionen dieser Webseite durch den AdBlocker blockiert. Bitte deaktivieren Sie Ihren AdBlocker für diese Webseite und retten Sie unschuldige Kaninchen!