CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST

2023-10-19 Thread Stefan Eissing
Severity: moderate Affected versions: - Apache HTTP Server 2.4.17 through 2.4.57 Description: When a HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection

CVE-2023-31122: Apache HTTP Server: mod_macro buffer over-read

2023-10-19 Thread Stefan Eissing
Severity: low Affected versions: - Apache HTTP Server through 2.4.57 Description: Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57. Credit: David Shoon (github/davidshoon) (finder) References:

CVE-2023-43622: Apache HTTP Server: DoS in HTTP/2 with initial windows size 0

2023-10-19 Thread Stefan Eissing
Severity: low Affected versions: - Apache HTTP Server 2.4.55 through 2.4.57 Description: An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources

CVE-2022-28330: Apache HTTP Server: read beyond bounds in mod_isapi

2022-06-09 Thread Stefan Eissing
Severity: low Description: Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module. Credit: The Apache HTTP Server project would like to thank Ronald Crane (Zippenhop LLC) for reporting this issue References:

CVE-2022-26377: Apache HTTP Server: mod_proxy_ajp: Possible request smuggling

2022-06-09 Thread Stefan Eissing
Severity: moderate Description: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP

CVE-2022-28614: Apache HTTP Server: read beyond bounds via ap_rwrite()

2022-06-09 Thread Stefan Eissing
Severity: low Description: The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_lua's r:puts() function. Credit: The Apache HTTP Server

CVE-2022-29404: Apache HTTP Server: Denial of service in mod_lua r:parsebody

2022-06-09 Thread Stefan Eissing
Severity: low Description: In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. Credit: The Apache HTTP Server project would like to thank Ronald Crane (Zippenhop

CVE-2022-30522: Apache HTTP Server: mod_sed denial of service

2022-06-09 Thread Stefan Eissing
Severity: low Description: If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort. Credit: This issue was found by Brian Moussalli from

CVE-2022-30556: Apache HTTP Server: Information Disclosure in mod_lua with websockets

2022-06-09 Thread Stefan Eissing
Severity: low Description: Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. Credit: The Apache HTTP Server project would like to thank Ronald Crane (Zippenhop LLC) for reporting this

CVE-2022-31813: Apache HTTP Server: mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism

2022-06-09 Thread Stefan Eissing
Severity: low Description: Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application. Credit: The Apache

CVE-2022-22721: Apache HTTP Server: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody

2022-03-14 Thread Stefan Eissing
Severity: low Description: If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. Credit: Anonymous working with

CVE-2022-22719: Apache HTTP Server: mod_lua Use of uninitialized value of in r:parsebody

2022-03-14 Thread Stefan Eissing
Severity: moderate Description: A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. Credit: Chamal De Silva

CVE-2022-22720: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier

2022-03-14 Thread Stefan Eissing
Severity: important Description: Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling Credit: James Kettle

CVE-2022-23943: Apache HTTP Server: mod_sed: Read/write beyond bounds

2022-03-14 Thread Stefan Eissing
Severity: important Description: Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. Credit: Ronald Crane (Zippenhop

CVE-2021-44790: Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier

2021-12-20 Thread Stefan Eissing
Severity: high Description: A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue

CVE-2021-44224: Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier

2021-12-20 Thread Stefan Eissing
Severity: moderate Description: A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain

CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)

2021-10-07 Thread Stefan Eissing
Severity: critical Description: It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories

CVE-2021-41773: Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49

2021-10-05 Thread Stefan Eissing
Severity: important Description: A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require

CVE-2021-41524: Apache HTTP Server: null pointer dereference in h2 fuzzing

2021-10-05 Thread Stefan Eissing
Severity: moderate Description: While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49.